CVE-2020-17453

Severity: MEDIUM · Exploited in the wild · Nuclei template available

WSO2 Management Console <5.10 - XSS


Exploitation Summary

CVE-2020-17453 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including karthi-the-hacker, Pr0t0c01, ydycjz6j. A Nuclei detection template is also available.

AI-analyzed exploit summary

This repository contains a Node.js-based scanner for detecting CVE-2020-17453, a reflected XSS vulnerability in WSO2 Carbon products. The tool sends a crafted payload to the target URL and checks for the presence of the XSS payload in the response.

Description

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.

Exploits (4)

nomisec · SCANNER · 5 stars
by karthi-the-hacker · remote
https://github.com/karthi-the-hacker/CVE-2020-17453

Classification: Scanner (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WSO2 Carbon products (e.g., WSO2 API Manager, WSO2 Identity Server)
Authentication: none needed
Prerequisites: Node.js environment · Network access to the target URL
Analyzed by devstral-2 on Feb 16, 2026
github · WRITEUP · 2 stars
by Pr0t0c01 · pythonpoc
https://github.com/Pr0t0c01/CVEs/tree/main/WSO2Carbon_CVE-2020-17453

This repository provides a technical description of a reflected XSS vulnerability in WSO2 Carbon, including a Google dork and a Nuclei scanning template for detection. It does not contain exploit code but offers actionable details for identification.

Classification: Writeup (80%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WSO2 Carbon versions prior to 4.4.13, 4.5.0 to 4.5.7, 5.0.0 to 5.0.4, and 5.1.0 to 5.1.5
Authentication: none needed
Prerequisites: Access to the login page of WSO2 Carbon
Analyzed by devstral-2 on Feb 27, 2026
nomisec · WORKING POC · 2 stars
by ydycjz6j · client-side
https://github.com/ydycjz6j/CVE-2020-17453-PoC

This repository contains a proof-of-concept for CVE-2020-17453, an XSS vulnerability in WSO2 Management Console through 5.10. The exploit leverages the msgId parameter in the login.jsp page to execute arbitrary JavaScript code.

Classification: Working PoC (100%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WSO2 Management Console through 5.10
Authentication: none needed
Prerequisites: Access to the target WSO2 Management Console login page
Analyzed by devstral-2 on Feb 16, 2026
inthewild · WORKING POC
poc
https://github.com/jhhax/cve-2020-17453-poc

This repository provides a functional proof-of-concept for CVE-2020-17453, an XSS vulnerability in WSO2 Management Console through 5.10 via the carbon/admin/login.jsp msgId parameter. The PoC includes a direct URL with a crafted payload to trigger the XSS.

Classification: Working PoC (95%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WSO2 Management Console through 5.10
Authentication: none needed
Prerequisites: Access to the target WSO2 Management Console login page
Analyzed by devstral-2 on Feb 23, 2026

Nuclei Templates (1)

WSO2 Carbon Management Console <=5.10 - Cross-Site Scripting
Severity: MEDIUM · by madrobot
Shodan: http.favicon.hash:1398055326
FOFA: icon_hash=1398055326

Scores

CVSS v3: 6.1
EPSS: 0.5785
EPSS Percentile: 98.2%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV: 2023-11-13
CWE: CWE-79
Status: published
Products (17):
wso2/api_manager < 3.2.0
wso2/api_manager_analytics 2.2.0
wso2/api_manager_analytics 2.5.0
wso2/api_manager_analytics 2.6.0
wso2/api_microgateway 2.2.0
wso2/enterprise_integrator < 6.6.0
wso2/identity_server < 5.10.0
wso2/identity_server_analytics 5.4.0
wso2/identity_server_analytics 5.4.1
wso2/identity_server_analytics 5.5.0
... and 7 more
Published: Apr 05, 2021
Tracked since: Feb 18, 2026