Vulnerability Details CVE-2023-31664
A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.238
EPSS Ranking 96.1%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2023-31664
- cpe:2.3:a:wso2:api_manager:-
- cpe:2.3:a:wso2:api_manager:1.0.0
- cpe:2.3:a:wso2:api_manager:1.1.1
- cpe:2.3:a:wso2:api_manager:1.10.0
- cpe:2.3:a:wso2:api_manager:1.2.0
- cpe:2.3:a:wso2:api_manager:1.3.0
- cpe:2.3:a:wso2:api_manager:1.3.1
- cpe:2.3:a:wso2:api_manager:1.4.0
- cpe:2.3:a:wso2:api_manager:1.5.0
- cpe:2.3:a:wso2:api_manager:1.6.0
- cpe:2.3:a:wso2:api_manager:1.7.0
- cpe:2.3:a:wso2:api_manager:1.8.0
- cpe:2.3:a:wso2:api_manager:1.9.0
- cpe:2.3:a:wso2:api_manager:1.9.1
- cpe:2.3:a:wso2:api_manager:2.0.0
- cpe:2.3:a:wso2:api_manager:2.0.0.28
- cpe:2.3:a:wso2:api_manager:2.1.0
- cpe:2.3:a:wso2:api_manager:2.1.0.38
- cpe:2.3:a:wso2:api_manager:2.2.0
- cpe:2.3:a:wso2:api_manager:2.2.0.57
- cpe:2.3:a:wso2:api_manager:2.5.0
- cpe:2.3:a:wso2:api_manager:2.5.0.83
- cpe:2.3:a:wso2:api_manager:2.6.0
- cpe:2.3:a:wso2:api_manager:2.6.0.143
- cpe:2.3:a:wso2:api_manager:2.6.0.150
- cpe:2.3:a:wso2:api_manager:3.0.0
- cpe:2.3:a:wso2:api_manager:3.0.0.162
- cpe:2.3:a:wso2:api_manager:3.0.0.180
- cpe:2.3:a:wso2:api_manager:3.1.0
- cpe:2.3:a:wso2:api_manager:3.1.0.181
- cpe:2.3:a:wso2:api_manager:3.1.0.278
- cpe:2.3:a:wso2:api_manager:3.1.0.293
- cpe:2.3:a:wso2:api_manager:3.1.0.322
- cpe:2.3:a:wso2:api_manager:3.1.0.331
- cpe:2.3:a:wso2:api_manager:3.1.0.345
- cpe:2.3:a:wso2:api_manager:3.1.0.347
- cpe:2.3:a:wso2:api_manager:3.1.0.349
- cpe:2.3:a:wso2:api_manager:3.1.0.351
- cpe:2.3:a:wso2:api_manager:3.1.0.356
- cpe:2.3:a:wso2:api_manager:3.2.0
- cpe:2.3:a:wso2:api_manager:3.2.0.226
- cpe:2.3:a:wso2:api_manager:3.2.0.278
- cpe:2.3:a:wso2:api_manager:3.2.0.368
- cpe:2.3:a:wso2:api_manager:3.2.0.384
- cpe:2.3:a:wso2:api_manager:3.2.0.397
- cpe:2.3:a:wso2:api_manager:3.2.0.401
- cpe:2.3:a:wso2:api_manager:3.2.0.408
- cpe:2.3:a:wso2:api_manager:3.2.0.415
- cpe:2.3:a:wso2:api_manager:3.2.0.422
- cpe:2.3:a:wso2:api_manager:3.2.0.427
- cpe:2.3:a:wso2:api_manager:3.2.0.432
- cpe:2.3:a:wso2:api_manager:3.2.0.433
- cpe:2.3:a:wso2:api_manager:3.2.0.434
- cpe:2.3:a:wso2:api_manager:3.2.0.435
- cpe:2.3:a:wso2:api_manager:3.2.0.446
- cpe:2.3:a:wso2:api_manager:3.2.0.450
- cpe:2.3:a:wso2:api_manager:3.2.0.453
- cpe:2.3:a:wso2:api_manager:3.2.0.455
- cpe:2.3:a:wso2:api_manager:3.2.0.460
- cpe:2.3:a:wso2:api_manager:3.2.1
- cpe:2.3:a:wso2:api_manager:3.2.1.16
- cpe:2.3:a:wso2:api_manager:3.2.1.27
- cpe:2.3:a:wso2:api_manager:3.2.1.32
- cpe:2.3:a:wso2:api_manager:3.2.1.39
- cpe:2.3:a:wso2:api_manager:3.2.1.42
- cpe:2.3:a:wso2:api_manager:3.2.1.52
- cpe:2.3:a:wso2:api_manager:3.2.1.53
- cpe:2.3:a:wso2:api_manager:3.2.1.54
- cpe:2.3:a:wso2:api_manager:3.2.1.55
- cpe:2.3:a:wso2:api_manager:3.2.1.66
- cpe:2.3:a:wso2:api_manager:3.2.1.69
- cpe:2.3:a:wso2:api_manager:3.2.1.70
- cpe:2.3:a:wso2:api_manager:3.2.1.73
- cpe:2.3:a:wso2:api_manager:3.2.1.74
- cpe:2.3:a:wso2:api_manager:3.2.1.79
- cpe:2.3:a:wso2:api_manager:4.0.0
- cpe:2.3:a:wso2:api_manager:4.0.0.168
- cpe:2.3:a:wso2:api_manager:4.0.0.217
- cpe:2.3:a:wso2:api_manager:4.0.0.280
- cpe:2.3:a:wso2:api_manager:4.0.0.293
- cpe:2.3:a:wso2:api_manager:4.0.0.305
- cpe:2.3:a:wso2:api_manager:4.0.0.310
- cpe:2.3:a:wso2:api_manager:4.0.0.318
- cpe:2.3:a:wso2:api_manager:4.0.0.319
- cpe:2.3:a:wso2:api_manager:4.0.0.355
- cpe:2.3:a:wso2:api_manager:4.0.0.368
- cpe:2.3:a:wso2:api_manager:4.0.0.370
- cpe:2.3:a:wso2:api_manager:4.0.0.373
- cpe:2.3:a:wso2:api_manager:4.0.0.375
- cpe:2.3:a:wso2:api_manager:4.0.0.381
- cpe:2.3:a:wso2:api_manager:4.1.0
- cpe:2.3:a:wso2:api_manager:4.1.0.136
- cpe:2.3:a:wso2:api_manager:4.1.0.152
- cpe:2.3:a:wso2:api_manager:4.1.0.166
- cpe:2.3:a:wso2:api_manager:4.1.0.171
- cpe:2.3:a:wso2:api_manager:4.1.0.187
- cpe:2.3:a:wso2:api_manager:4.1.0.200
- cpe:2.3:a:wso2:api_manager:4.1.0.206
- cpe:2.3:a:wso2:api_manager:4.1.0.215
- cpe:2.3:a:wso2:api_manager:4.1.0.216
- cpe:2.3:a:wso2:api_manager:4.1.0.218
- cpe:2.3:a:wso2:api_manager:4.1.0.219
- cpe:2.3:a:wso2:api_manager:4.1.0.228
- cpe:2.3:a:wso2:api_manager:4.1.0.231
- cpe:2.3:a:wso2:api_manager:4.1.0.233
- cpe:2.3:a:wso2:api_manager:4.1.0.236
- cpe:2.3:a:wso2:api_manager:4.1.0.238
- cpe:2.3:a:wso2:api_manager:4.1.0.242
- cpe:2.3:a:wso2:api_manager:4.1.0.244