Published: 30th September 2016


AFFECTED PRODUCTS

WSO2 Dashboard Server 2.0.0

...

An attacker aware of the authentication endpoint origin can include malicious content in a request to the login page and trick a user into clicking the malicious content via email or a neutral web site. The attack is then reflected back to the user’s browser, which executes the injected code; this may generate malicious page results that mislead the victim or cause other harm.


SOLUTION

Apply the following patch, based on your product version, by following the instructions in the README file. Patches can also be downloaded from http://wso2.com/security-patch-releases/. If you have any questions, please post them to security@wso2.com.


| Code | Product | Version | Patch |
|------|---------|---------|-------|
| DS | WSO2 Dashboard Server | 2.0.0 | WSO2-CARBON-PATCH-4.4.0-0421 |
| EMM | WSO2 Enterprise Mobility Manager | 2.0.1 | |