CVE-2017-14995

Published: Oct 4, 2017Modified: May 13, 2026

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 Data Analytics Server 3.1.0, WSO2 Data Services Server 3.5.1, and WSO2 Machine Learner 1.2.0 is affected by stored XSS.

Affected (8)

Products: Wso2: Application Server, Business Process Server, Business Rules Server, Complex Event Processor, Dashboard Server, Data Analytics Server, Data Services Server, Machine Learner

Wso2

8 products

Application Server

Business Process Server

Business Rules Server

Complex Event Processor

Dashboard Server

Data Analytics Server

Data Services Server

Machine Learner

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Wso2 Application Server	Version 5.3.0
Wso2 Business Process Server	Version 3.6.0
Wso2 Business Rules Server	Version 2.2.0
Wso2 Complex Event Processor	Version 4.2.0
Wso2 Dashboard Server	Version 2.0.0
Wso2 Data Analytics Server	Version 3.1.0
Wso2 Data Services Server	Version 3.5.1
Wso2 Machine Learner	Version 1.2.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0257

Source: cve@mitre.org

PatchVendor Advisory

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0257

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.