{"id":"CVE-2022-29548","details":"A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.","modified":"2026-03-20T04:16:08.824197Z","published":"2022-04-21T02:15:06.800Z","references":[{"type":"ADVISORY","url":"https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1603"},{"type":"ADVISORY","url":"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1603/"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/167587/WSO2-Management-Console-Cross-Site-Scripting.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wso2-attic/analytics-is","events":[{"introduced":"0"},{"last_affected":"bb7e011d81a237aa5e74265c33466ae254f7fdb6"},{"introduced":"0"},{"last_affected":"bd89e4586d7e8c240c93b03b9acb3a1e93078781"},{"introduced":"0"},{"last_affected":"42f3111ec596b0d8e8ac32cf33bc4261f53a95bb"},{"introduced":"0"},{"last_affected":"bb7e011d81a237aa5e74265c33466ae254f7fdb6"},{"introduced":"0"},{"last_affected":"bd89e4586d7e8c240c93b03b9acb3a1e93078781"},{"introduced":"0"},{"last_affected":"bb7e011d81a237aa5e74265c33466ae254f7fdb6"},{"introduced":"0"},{"last_affected":"bd89e4586d7e8c240c93b03b9acb3a1e93078781"},{"introduced":"0"},{"last_affected":"42f3111ec596b0d8e8ac32cf33bc4261f53a95bb"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.5.0"},{"introduced":"0"},{"last_affected":"5.6.0"},{"introduced":"0"},{"last_affected":"5.7.0"},{"introduced":"0"},{"last_affected":"5.5.0"},{"introduced":"0"},{"last_affected":"5.6.0"},{"introduced":"0"},{"last_affected":"5.5.0"},{"introduced":"0"},{"last_affected":"5.6.0"},{"introduced":"0"},{"last_affected":"5.7.0"}]}},{"type":"GIT","repo":"https://github.com/wso2/product-apim","events":[{"introduced":"0"},{"last_affected":"5cdc3f8a5ea212c3bf231cb710ea3436e9aad1d7"},{"introduced":"0"},{"last_affected":"828807c24e02a88a91a70e6f9dbc6eeb58be3eaf"},{"introduced":"0"},{"last_affected":"a87463944acbc28f14c0af2a32dc30310147a0be"},{"introduced":"0"},{"last_affected":"727d091683c8199c37f2d19ab3198abee6553904"},{"introduced":"0"},{"last_affected":"2971de274564b622974de831403e9688a4a76c14"},{"introduced":"0"},{"last_affected":"e4956e9301b1c26eb06e80ec5c86628154b6ab55"},{"introduced":"0"},{"last_affected":"5cdc3f8a5ea212c3bf231cb710ea3436e9aad1d7"},{"introduced":"0"},{"last_affected":"828807c24e02a88a91a70e6f9dbc6eeb58be3eaf"},{"introduced":"0"},{"last_affected":"a87463944acbc28f14c0af2a32dc30310147a0be"},{"introduced":"0"},{"last_affected":"5cdc3f8a5ea212c3bf231cb710ea3436e9aad1d7"},{"introduced":"0"},{"last_affected":"e4956e9301b1c26eb06e80ec5c86628154b6ab55"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.2.0"},{"introduced":"0"},{"last_affected":"2.5.0"},{"introduced":"0"},{"last_affected":"2.6.0"},{"introduced":"0"},{"last_affected":"3.0.0"},{"introduced":"0"},{"last_affected":"3.1.0"},{"introduced":"0"},{"last_affected":"3.2.0"},{"introduced":"0"},{"last_affected":"2.2.0"},{"introduced":"0"},{"last_affected":"2.5.0"},{"introduced":"0"},{"last_affected":"2.6.0"},{"introduced":"0"},{"last_affected":"2.2.0"},{"introduced":"0"},{"last_affected":"3.2.0"}]}},{"type":"GIT","repo":"https://github.com/wso2/product-micro-integrator","events":[{"introduced":"0"},{"last_affected":"50ce86604b41d9966823059a07fa0bc985e0156e"},{"introduced":"0"},{"last_affected":"135aca18ba1b870b32660d89028b53c05bc12821"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.0.0"},{"introduced":"0"},{"last_affected":"1.0.0"}]}}],"versions":["test-tag-1.9.0-Alpha","v1.0.0","v1.0.0-m2","v1.0.0-m3","v1.0.0-m4","v1.0.0-m5","v1.0.0-m6","v1.0.0-m7","v1.0.0-rc1","v1.1.0","v1.1.0-alpha","v1.1.0-beta","v1.1.0-beta2","v1.1.0-beta3","v1.1.0-rc1","v1.10.0","v1.10.0-Alpha","v1.10.0-Beta","v1.10.0-rc3","v1.10.0-rc4","v1.2.0","v1.2.0-alpha","v1.2.0-beta","v1.2.0-m1","v1.2.0-m2","v1.2.0-m3","v1.2.0-m4","v1.2.0-rc1","v1.9.0","v1.9.0-Alpha","v1.9.0-Beta","v1.9.0-Beta-2","v1.9.0-Beta-3","v1.9.0-M2","v2.0.0","v2.0.0-ALPHA","v2.0.0-BETA","v2.0.0-M1","v2.0.0-M2","v2.0.0-M3","v2.0.0-M4","v2.0.0-M5","v2.0.0-beta2","v2.0.0-rc1","v2.0.0-rc2","v2.0.0-rc3","v2.0.0-rc4","v2.0.0-rc5","v2.1.0-alpha","v2.1.0-update1","v2.1.0-update10","v2.1.0-update11","v2.1.0-update12","v2.1.0-update13","v2.1.0-update14","v2.1.0-update2","v2.1.0-update3","v2.1.0-update4","v2.1.0-update5","v2.1.0-update6","v2.1.0-update7","v2.1.0-update8","v2.1.0-update9","v2.2.0","v4.0.0","v4.0.0-alpha","v4.0.0-beta","v4.0.0-m2","v4.0.0-m3","v4.0.0-m4","v4.0.0-m5","v4.0.0-m6","v4.0.0-m7","v4.0.0-m8","v4.0.0-rc1","v5.2.0-beta2","v5.2.0-latest","v5.3.0","v5.3.0-alpha2","v5.3.0-rc1","v5.3.0-rc2","v5.3.0-rc3","v5.4.0","v5.4.0-beta","v5.4.0-update1","v5.4.0-update4","v5.4.1","v5.5.0","v5.5.0-alpha","v5.5.0-alpha2","v5.5.0-alpha3","v5.5.0-beta","v5.5.0-rc1","v5.5.0-rc2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"6.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"5.9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"5.10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"5.11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"5.9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"5.10.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29548.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}