https://github.com/mbadanoiu/wso2-2020-0731

WSO2-2020-0731: XXE and XSS vulnerabilities in WSO2 Carbon

0-day cross-site-scripting stored-xss wso2-2020-0731 xxe


# WSO2-2020-0731: XXE and XSS vulnerabilities in WSO2 Carbon

Potential XXE and XSS vulnerabilities have been identified in multiple WSO2 products.

### Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found [here](https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2020/WSO2-2020-0731/).

### Why no CVE?

Neither I nor the vendor requested a CVE for these vulnerabilities.

### Requirements:

This vulnerability requires:

- Convincing a legitimate WSO2 user to add a malicious repository

OR

- Valid user credentials

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/WSO2-2020-0731/blob/main/WSO2%20Carbon%20-%20WSO2-2020-0731.pdf).