org.wso2.carbon:org.wso2.carbon.ui@4.6.3-m1 vulnerabilities
-
latest version
4.10.15
-
latest non vulnerable version
-
first published
7 years ago
-
latest version published
2 months ago
-
licenses detected
- [4.4.19,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.wso2.carbon:org.wso2.carbon.ui package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
org.wso2.carbon:org.wso2.carbon.ui is a package that provides the Carbon UI Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper output encoding, which can be exploited by tampering the parameter in the Management Console. Note: This vulnerability affects the following products:
How to fix Cross-site Scripting (XSS)? Upgrade |
[,4.6.3-m6)
|
org.wso2.carbon:org.wso2.carbon.ui is a package that provides the Carbon UI Affected versions of this package are vulnerable to Arbitrary File Upload due to improper validation of user input, a malicious actor could upload an arbitrary file to a user-controlled location of the server. By leveraging the arbitrary file upload vulnerability, it is further possible to gain remote code execution on the server. Note: The vulnerable components are:
How to fix Arbitrary File Upload? Upgrade |
[,4.7.0-m9)
|