CVE-2017-14651

MEDIUM NUCLEI

WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting

Title source: nuclei
STIX 2.1

Exploitation Summary

CVE-2017-14651 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.

Nuclei Templates (1)

WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting
MEDIUMby mass0ma
Shodan: http.favicon.hash:1398055326
FOFA: icon_hash=1398055326

References (3)

Core 3
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://github.com/cybersecurityworks/Disclosed/issues/15
Exploit, Third Party Advisory x_refsource_misc
https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html

Scores

CVSS v3 4.8
EPSS 0.0384
EPSS Percentile 88.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (17)
wso2/api_manager 2.1.0
wso2/app_manager 1.2.0
wso2/application_server 5.3.0
wso2/business_process_server 3.6.0
wso2/business_rules_server 2.2.0
wso2/complex_event_processor 4.2.0
wso2/dashboard_server 2.0.0
wso2/data_analytics_server 3.1.0
wso2/data_services_server 3.5.1
wso2/enterprise_integrator 6.1.1
... and 7 more
Published Sep 21, 2017
Tracked Since Feb 18, 2026