CVE-2016-4316
Description
Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5) description parameter to ndatasource/newdatasource.jsp; the (6) phase parameter to viewflows/handlers.jsp; or the (7) url parameter to ndatasource/validateconnection-ajaxprocessor.jsp.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
3.159
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-4316 are affected in WSO2 - org.wso2.carbon.messageflows.ui 4.4.5 | Windows |
| Vulnerabilities CVE-2016-4316 are affected in WSO2 - org.wso2.carbon.ndatasource.ui 4.4.5 | Windows |
| Vulnerabilities CVE-2016-4316 are affected in WSO2 - org.wso2.carbon.identity.mgt.ui 4.4.5 | Windows |
| Vulnerabilities CVE-2016-4316 are affected in WSO2 - org.wso2.carbon.messageflows.ui for Linux 4.4.5 | Linux |
| Vulnerabilities CVE-2016-4316 are affected in WSO2 - org.wso2.carbon.ndatasource.ui for Linux 4.4.5 | Linux |
| Vulnerabilities CVE-2016-4316 are affected in WSO2 - org.wso2.carbon.identity.mgt.ui for Linux 4.4.5 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234