Due to improper output encoding, multiple Cross Site Scripting (XSS) attacks have been identified in WSO2 ESB.
The vendor's disclosure and fix for this vulnerability can be found here.
Neither me nor the vendor requested a CVE for this vulnerability.
This vulnerability requires:
- Some XSSs require valid user credentials
More details and the exploitation process can be found in this PDF.