Securin Zero-Days

CVE-2019-20438 – Stored Cross-Site Scripting in WSO2

Severity: Low

Vendor

WSO2

Affected Product

WSO2 API Manager

CVE

CVE-2019-20438

Securin ID

2019-CSW-01-1020

Status

Fixed

Date

July 6, 2019

Description

A stored cross-site scripting (XSS) vulnerability was discovered in the inline API documentation editor of the API Publisher in WSO2 API Manager 2.6.0. The editor's code view (the </> toggle) accepts raw HTML, and content saved from it is stored and later rendered without sanitization, so a user who can edit API documentation can inject script that executes in the browser of anyone who views the document.

Proof of Concept (POC):

The issue was reproduced on WSO2 API Manager version 2.6.0.

Issue 01: Stored Cross-Site Scripting.

Figure 01: Choose “Edit Content” after creating a document.

Figure 02: Click </> to switch to the code view and add the XSS payload.

Figure 03: Use the “Save” button to save the document with the added XSS payload.

Figure 04: After saving, clicking </> again shows that the payload was stored as-is, and it executes in the browser.

Figure 05: The stored XSS payload executes whenever a user loads the page.
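The root cause in the steps above is that HTML submitted from the code view is persisted and rendered verbatim. The following is an added example for this advisory, not WSO2's code and not the vendor patch: a server-side allowlist sanitizer of the kind that closes this class of bug, run against constructed payloads like the one in the report. The tag and attribute allowlist is an assumption chosen for a documentation editor, and `contains_active_content` is a hypothetical regression check for already-stored documents.

```python
"""Allowlist HTML sanitizer for user-editable documentation content.

Added example for this advisory; it is not WSO2 code and not the vendor patch.
The allowlist below is an assumption chosen for a documentation editor, and
every payload in PAYLOADS is constructed for the demonstration.
"""
import re
from html import escape, unescape
from html.parser import HTMLParser

# Assumed allowlist: formatting and structure only, no script-capable elements.
ALLOWED_TAGS = {
    "p", "br", "b", "i", "em", "strong", "u", "h1", "h2", "h3", "h4",
    "ul", "ol", "li", "pre", "code", "blockquote", "a", "img",
    "table", "thead", "tbody", "tr", "th", "td",
}
# Per-tag attribute allowlist. Event handlers (on*) and style are never listed,
# so they are dropped whatever the tag.
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
VOID_TAGS = {"br", "img"}
# URL attributes must be http(s), mailto, or site-relative. This rejects
# javascript:, data: and vbscript: schemes; html.parser decodes entities such
# as &#115; in attribute values before we see them, so disguises do not help.
SAFE_URL = re.compile(r"^(?:https?:|mailto:|/|#)", re.IGNORECASE)


class _AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside <script>/<style>: drop everything

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown element: drop the tag, keep its (escaped) text
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name in ("href", "src") and (
                value is None or not SAFE_URL.match(value.strip())
            ):
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        if tag in ("script", "style"):
            return  # a self-closing <script/> has no body; just drop it
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            # Text is re-escaped, so decoded entities such as &lt;script&gt;
            # remain inert text instead of becoming markup.
            self.out.append(escape(data, quote=False))

    def handle_comment(self, data):
        pass  # comments (including conditional comments) are dropped


def sanitize(html: str) -> str:
    """Return html reduced to the allowlisted tags and attributes."""
    parser = _AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


def store_unsanitized(html: str) -> str:
    """The vulnerable behaviour the advisory describes: what the code view
    submits is persisted and later rendered verbatim."""
    return html


ACTIVE_CONTENT = re.compile(r"<script\b|\son\w+\s*=|javascript:", re.IGNORECASE)


def contains_active_content(html: str) -> bool:
    """Heuristic regression check for stored documents. Entities are decoded
    first so an encoded 'javascript:' is still caught; it errs on the side of
    flagging, so escaped example text may be reported as well."""
    return bool(ACTIVE_CONTENT.search(unescape(html)))


# Constructed payloads of the kind the report describes.
PAYLOADS = [
    '<p>Docs</p><script>alert(document.domain)</script>',
    '<img src="/img/x.png" onerror="alert(1)">',
    '<a href="java&#115;cript:alert(1)">click</a>',
    '<svg onload=alert(1)>',
]

if __name__ == "__main__":
    for payload in PAYLOADS:
        print(repr(store_unsanitized(payload)), "->", repr(sanitize(payload)))
```

Sanitizing on the server at save time, rather than trusting the editor's client-side view, is the point: the code view exists precisely to let users bypass the WYSIWYG layer, so anything the browser did there cannot be relied on.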

Impact

Through this XSS, an attacker can redirect the victim's browser to a malicious website, alter the UI of the page, or retrieve information from the browser. Because all session-related sensitive cookies are set with the HttpOnly flag, script cannot read them, so stealing the session cookie to hijack the session is not possible. HttpOnly does not, however, stop the browser from attaching those cookies to requests that injected script issues from the Publisher page, which is why the sanitization fix is still required.

Remediations

Download the relevant patch based on the product version.

Code | Product          | Version | Patch
AM   | WSO2 API Manager | 2.6.0   | WSO2-CARBON-PATCH-4.4.0-5187

Timeline

July 05, 2019: Discovered in WSO2 API Manager v2.6.0.

July 06, 2019: Reported on the intigriti platform.

July 23, 2019: The issue was closed on the intigriti platform as “out of scope.”

July 26, 2019: Reported to WSO2.

July 26, 2019: WSO2 acknowledged the report.

Aug 13, 2019: The vendor began fixing all affected versions.

Nov 04, 2019: Public and customer announcement by the vendor about the vulnerability.
