CVSS Score

The GitHub patch adds OWASP Encoder to these JSP output expressions, which shows they were previously unencoded. The vulnerability stems from displaying stored user input (comments) without sanitization. The affected parameters (comment content, timestamps, usernames) are attacker-controlled inputs that are persisted and then rendered unencoded in the Management Console's HTML output.
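To illustrate the pattern the patch applies, the following constructed JSP fragment (added here; not WSO2's own code) shows a stored comment rendered unencoded beside the same output wrapped in OWASP Encoder's `Encode.forHtml`. The `comment` bean and its String-returning getters are assumed for the example.

```jsp
<%@ page import="org.owasp.encoder.Encode" %>
<%-- Vulnerable pattern: stored, attacker-controlled fields are written
     straight into the HTML body, so any markup in the comment text,
     username or timestamp is interpreted by the browser. --%>
<tr>
  <td><%= comment.getAuthorUserName() %></td>
  <td><%= comment.getCreatedTime() %></td>
  <td><%= comment.getText() %></td>
</tr>

<%-- Fixed pattern (what the patch adds): each value is encoded for the
     HTML body context, so '<', '>', '&', '"' and '\'' are emitted as
     entities and the browser renders them as literal text. --%>
<tr>
  <td><%= Encode.forHtml(comment.getAuthorUserName()) %></td>
  <td><%= Encode.forHtml(comment.getCreatedTime()) %></td>
  <td><%= Encode.forHtml(comment.getText()) %></td>
</tr>
```

`Encode.forHtml` is correct for text placed in the HTML body or a quoted attribute; a value emitted inside a JavaScript block or a URL needs the context-specific encoder instead (`Encode.forJavaScript`, `Encode.forUriComponent`), since HTML entity encoding does not make those contexts safe.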
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.wso2.carbon.registry:carbon-registry | maven | < 4.7.37 | 4.7.37 |