Our ASM platform discovers, analyzes, prioritizes, & offers remediation plans for exposures in your known & unknown assets.
Our VI platform delivers threat intelligence & context on the latest cyber threats providing you with actionable insights for remediation.
Our vulnerability management continually detects, prioritizes, & plans remediation to protect your entire IT landscape.
Our penetration testing simulates a real-world attack on your digital assets to determine the strength of your security & defenses.
As a partner led organization, we are committed to working with our partners to deliver world-class early warning security intelligence solutions that eliminate the adversary advantage & deliver superior security outcomes for your clients.
An issue was discovered on WSO2 API Manager before 5.7.0 in the registry UI. A stored cross-site script (XSS) vulnerability allows an attacker to inject malicious code into the application and stored in the server. An input variable was vulnerable to stored XSS is ‘roleToAuthorize’ on the browser page.
*Affected Products: WSO2 API Manager, WSO2 API Manager Analytics, WSO2 IS as Key Manager, WSO2 IS as Key Manager, WSO2 Identity Server, WSO2 Identity Server Analytics
The following vulnerability was tested on WSO2 Identity Server version 5.7.0 Product.
Issue 01: Stored Cross-Site Scripting
.png)
Figure 01: Choose “Browse” from the Registry option.
.png)
Figure 02: Select any on ‘Role’ and add “Permission” from the permission section on the same page.
.png)
Figure 03: Capture the POST request in burp suite proxy and add XSS payload, “><img src=x onerror=prompt(1)> to “roleToAuthorize” variable.
.png)
Figure 04: Injected XSS Payload gets stored and executed in the browser.
.png)
Figure 05: The stored XSS payload gets executed whenever the user loads the page
Through an XSS attack, the attacker can make the browser redirect to a malicious website. Unauthorized actions such as changing the UI of the web page, retrieving information from the browser are possible. But since all session-related sensitive cookies are set with httponly flat and protected, session hijacking or mounting a similar attack would not be possible.
Download the following patch based on your product version.
| Code | Product | Version | Patch |
| APIM | WSO2 API Manager | 2.6.0 | WSO2-CARBON-PATCH-4.4.0-5432 |
| EI | WSO2 Enterprise Integrator | 6.5.0 | WSO2-CARBON-PATCH-4.4.0-5518 |
| IS KM | WSO2 IS as Key Manager | 5.7.0 | WSO2-CARBON-PATCH-4.4.0-5432 |
| IS | WSO2 Identity Server | 5.8.0 | WSO2-CARBON-PATCH-4.4.0-5431 |
Jul 02, 2019: Discovered in WS02 Identity Server 5.7.0 Version.
Jul 02, 2019: Report sent to WS02.
Jul 02, 2019: WS02 acknowledged the report
Aug 13, 2019: Fixing was initiated in all affected versions.
Sep 10, 2019: The vendor informed their customers about the vulnerability.
Oct 10, 2019: Public announcement by the vendor about the vulnerability.
