{"id":"CVE-2022-29548","details":"A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.","modified":"2026-07-11T03:53:51.150934170Z","published":"2022-04-21T00:00:00Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/29xxx/CVE-2022-29548.json"},"references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/167587/WSO2-Management-Console-Cross-Site-Scripting.html"},{"type":"WEB","url":"https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1603"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/29xxx/CVE-2022-29548.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29548"},{"type":"ADVISORY","url":"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1603/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wso2/analytics-apim","events":[{"introduced":"5473541ec4434aeb0a2a1f583d672e1d1748240a"},{"last_affected":"60936476e6c7a373442fbdf4690965500b5439bd"}],"database_specific":{"extracted_events":[{"introduced":"2.2.0"},{"last_affected":"2.2.0"},{"introduced":"2.5.0"},{"last_affected":"2.5.0"},{"introduced":"2.6.0"},{"last_affected":"2.6.0"}],"source":"CPE_STRING","cpe":["cpe:2.3:a:wso2:api_manager_analytics:2.2.0:*:*:*:*:*:*:*","cpe:2.3:a:wso2:api_manager_analytics:2.5.0:*:*:*:*:*:*:*","cpe:2.3:a:wso2:api_manager_analytics:2.6.0:*:*:*:*:*:*:*"]}}],"versions":["2.2.0","2.5.0","2.6.0","v2.6.0-rc3","v2.6.0","v2.6.0-rc2","v2.6.0-rc1","v2.6.0-beta","v2.6.0-alpha","v2.6.0-m2","v2.6.0-m1","v2.5.0-rc1","v2.5.0","v2.5.0.Beta","v2.5.0-Alpha","v2.2.0-update2","v2.2.0-update1","v2.2.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29548.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/wso2/product-apim","events":[{"introduced":"5cdc3f8a5ea212c3bf231cb710ea3436e9aad1d7"},{"last_affected":"cf00d9e6cb083f94abae11818794f62cd5c94079"}],"database_specific":{"cpe":["cpe:2.3:a:wso2:api_manager:2.2.0:*:*:*:*:*:*:*","cpe:2.3:a:wso2:api_manager:2.5.0:*:*:*:*:*:*:*","cpe:2.3:a:wso2:api_manager:2.6.0:*:*:*:*:*:*:*","cpe:2.3:a:wso2:api_manager:3.0.0:*:*:*:*:*:*:*","cpe:2.3:a:wso2:api_manager:3.1.0:*:*:*:*:*:*:*","cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*","cpe:2.3:a:wso2:api_manager:4.0.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"2.2.0"},{"last_affected":"2.2.0"},{"introduced":"2.5.0"},{"last_affected":"2.5.0"},{"introduced":"2.6.0"},{"last_affected":"2.6.0"},{"introduced":"3.0.0"},{"last_affected":"3.0.0"},{"introduced":"3.1.0"},{"last_affected":"3.1.0"},{"introduced":"3.2.0"},{"last_affected":"3.2.0"},{"introduced":"4.0.0"},{"last_affected":"4.0.0"}],"source":"CPE_STRING"}}],"versions":["2.2.0","2.5.0","2.6.0","3.0.0","3.1.0","3.2.0","4.0.0","v4.0.0-rc","v4.0.0","4.0.0-beta","v4.0.0-beta","v4.0.0-alpha","v4.0.0-m8","v4.0.0-m7","v4.0.0-m6","v4.0.0-m5","v4.0.0-m4","v4.0.0-m3","v4.0.0-m2","v4.0.0-m1","v3.2.0-rc6","v3.2.0","v3.2.0-rc5","v3.2.0-rc4","v3.2.0-rc3","v3.2.0-rc2","v3.2.0-rc1","v3.2.0-beta","v3.2.0-alpha","v3.2.0-m1","v3.1.0-rc3","v3.1.0","v3.0.0-rc3","v3.0.0","v3.1.0-rc2","v3.1.0-rc1","v3.1.0-beta","v3.1.0-alpha","v3.1.0-m5","v3.1.0-m4","v3.1.0-m3","v3.1.0-m2","v3.1.0-m1","v3.0.0-rc2","v3.0.0-rc1","v3.0.0-beta","v3.0.0-alpha2","v3.0.0-alpha","v3.0.0-m35","v3.0.0-m34","v3.0.0-m33","v3.0.0-m32","v2.6.0-rc3","v2.6.0","v2.6.0-rc2","v2.6.0-rc1","v2.6.0-beta2","v2.6.0-beta","v2.6.0-alpha2","v2.6.0-alpha","v2.6.0-m2","v2.6.0-m1","v2.5.0-rc4","v2.5.0","v2.5.0-rc3","v2.5.0-rc2","v2.5.0-rc1","v2.5.0-Beta","v2.5.0-Alpha","v2.2.0-update7","v2.2.0-update6","v2.2.0-update5","v2.2.0-update4","v2.2.0-update3","v2.2.0-update2","v2.2.0-update1","v2.2.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29548.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/wso2/product-ei","events":[{"introduced":"0f5695f9db169c6486a66ff1a4814a06fc6d6284"},{"last_affected":"bfdf341ab6dcfccce35c88b8a1567604f07ba8f5"}],"database_specific":{"extracted_events":[{"introduced":"6.2.0"},{"last_affected":"6.2.0"},{"introduced":"6.3.0"},{"last_affected":"6.3.0"},{"introduced":"6.4.0"},{"last_affected":"6.4.0"},{"introduced":"6.5.0"},{"last_affected":"6.5.0"},{"introduced":"6.6.0"},{"last_affected":"6.6.0"}],"source":"CPE_STRING","cpe":["cpe:2.3:a:wso2:enterprise_integrator:6.2.0:*:*:*:*:*:*:*","cpe:2.3:a:wso2:enterprise_integrator:6.3.0:*:*:*:*:*:*:*","cpe:2.3:a:wso2:enterprise_integrator:6.4.0:*:*:*:*:*:*:*","cpe:2.3:a:wso2:enterprise_integrator:6.5.0:*:*:*:*:*:*:*","cpe:2.3:a:wso2:enterprise_integrator:6.6.0:*:*:*:*:*:*:*"]}}],"versions":["6.2.0","6.3.0","6.4.0","6.5.0","6.6.0","v6.6.0-rc3","v6.6.0","v6.6.0-rc2","v6.6.0-rc1","v6.6.0-beta","v6.5.0-rc1","v6.5.0","v6.5.0-m6","v6.5.0-m4","v6.5.0-m3","v6.5.0-m2","v6.5.0-m1","v6.4.0-rc1","v6.4.0","v6.4.0-m8","v6.4.0-m7","v6.4.0-m6","v6.4.0-m5","v6.4.0-m4","v6.4.0-m3","v6.4.0-m2","v6.4.0-m1","v6.3.0-rc2","v6.3.0","v6.3.0-rc1","v6.3.0-m11","v6.3.0-m10","v6.3.0-m9","v6.3.0-m8","v6.3.0-m7","v6.3.0-m6","v6.3.0-m5","v6.3.0-m4","v6.3.0-m3","v6.3.0-m2","v6.3.0-m1","v6.2.0-rc2","v6.2.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29548.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:U/UI:R"}]}