wso2 api manager have xss issue

Question

I'm using WSO2 API MANAGER VERSION 1.10.0

Sample API published with script description in publisher portal

and i open the api detail in store portal

setting carbon.xml is below

<XSSPreventionConfig>
     <Enabled>true</Enabled>
     <Rule>allow</Rule>
     <!--Patterns>
         <Pattern></Pattern>
     </Patterns-->
</XSSPreventionConfig>

How can I solve it with setting?

score 1 · Accepted Answer · answered Oct 25 '16 at 05:29

1

You can download security patches for APIM 1.10.0 from here. This is already fixed in them.

answered Oct 25 '16 at 05:29

Bee

12,251
11
46
73

Here is a part of the fixes. https://github.com/wso2/carbon-apimgt/pull/1565/files Other fixes are in the same code base. Please note APIM 2.0.0 has more such security fixes. – Bee Oct 26 '16 at 15:57

wso2 api manager have xss issue

1 Answers1