CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4521 – WSO2 carbon-registry Request Parameter cross site scripting
https://notcve.org/view.php?id=CVE-2022-4521
15 Dec 2022 — A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profile_menu leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.8.7 is able to address this issue. • https://github.com/wso2/carbon-registry/commit/9f967abfde9317bee2cda469dbc09b57d539f2cc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4520 – WSO2 carbon-registry Advanced Search advancedSearchForm-ajaxprocessor.jsp cross site scripting
https://notcve.org/view.php?id=CVE-2022-4520
15 Dec 2022 — A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the component Advanced Search. The manipulation of the argument mediaType/rightOp/leftOp/rightPropertyValue/leftPropertyValue leads to cross site scripting. The attack may be launched remotely. • https://github.com/wso2/carbon-registry/commit/0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •