WSO2 Fixes Cross-Site Scripting (XSS) Vulnerability in its Multiple Products (CVE-2022-29548)

WSO2 has released a fix for a Reflected Cross-Site Scripting (XSS) vulnerability in the Management Console. The vulnerability, tracked as CVE-2022-29548, can be exploited by tampering with the parameter in the Management Console. This vulnerability exists due to improper output encoding and affects various WSO2 products. WSO2 is an open-source software provider that offers …

WSO2 Unrestricted Arbitrary File Upload and Remote Code Execution Vulnerability (CVE-2022-29464)

An unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to execute arbitrary code remotely on multiple WSO2 products has been reported. The vulnerability was reported by a researcher called Orange Tsai and is being tracked as CVE-2022-29464 (WSO2-2021-1738). WSO2 is an open-source software provider that offers an enterprise platform for integrating application programming interfaces (APIs), applications, …