CVE-2017-14651

MEDIUM NUCLEI

WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting

Title source: nuclei

Description

WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.

Nuclei Templates (1)

WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting
MEDIUMby mass0ma
Shodan: http.favicon.hash:1398055326
FOFA: icon_hash=1398055326

References (3)

Scores

CVSS v3 4.8
EPSS 0.0367
EPSS Percentile 87.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (17)
wso2/api_manager 2.1.0
wso2/application_server 5.3.0
wso2/app_manager 1.2.0
wso2/business_process_server 3.6.0
wso2/business_rules_server 2.2.0
wso2/complex_event_processor 4.2.0
wso2/dashboard_server 2.0.0
wso2/data_analytics_server 3.1.0
wso2/data_services_server 3.5.1
wso2/enterprise_integrator 6.1.1
... and 7 more
Published Sep 21, 2017
Tracked Since Feb 18, 2026