CVE-2022-29548

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-29548

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29548.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-29548

Published

2022-04-21T00:00:00Z

Modified

2026-05-18T05:53:47.059001083Z

Severity

4.6 (Medium) CVSS_V3 - CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:U/UI:R CVSS Calculator

Summary

[none]

Details

A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.

Database specific

{
    "cna_assigner": "mitre",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/29xxx/CVE-2022-29548.json"
}

References

Affected packages

Git

github.com/wso2-attic/analytics-is

Affected ranges

Type

GIT

Repo

https://github.com/wso2-attic/analytics-is

Events

Introduced

Last affected

bb7e011d81a237aa5e74265c33466ae254f7fdb6

Last affected

bd89e4586d7e8c240c93b03b9acb3a1e93078781

Database specific

{
    "cpe": [
        "cpe:2.3:a:wso2:identity_server_analytics:5.5.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:wso2:identity_server_analytics:5.6.0:*:*:*:*:*:*:*"
    ],
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.5.0"
        },
        {
            "last_affected": "5.6.0"
        }
    ]
}

Affected versions

v5.*

v5.2.0-beta2

v5.2.0-latest

v5.3.0-alpha2

v5.4.0-beta

v5.4.0-update1

v5.4.0-update4

v5.4.1

v5.5.0

v5.5.0-alpha

v5.5.0-alpha2

v5.5.0-alpha3

v5.5.0-beta

v5.5.0-rc1

v5.5.0-rc2

v5.6.0

v5.6.0-rc1

v5.6.0-rc2

v5.6.0-rc3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29548.json"

github.com/wso2/analytics-apim

Affected ranges

Type

GIT

Repo

https://github.com/wso2/analytics-apim

Events

Introduced

Last affected

5473541ec4434aeb0a2a1f583d672e1d1748240a

Last affected

78105a9da92efdcfceaca4c011a7960ebd3df0e3

Last affected

60936476e6c7a373442fbdf4690965500b5439bd

Database specific

{
    "cpe": [
        "cpe:2.3:a:wso2:api_manager_analytics:2.2.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:wso2:api_manager_analytics:2.5.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:wso2:api_manager_analytics:2.6.0:*:*:*:*:*:*:*"
    ],
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0"
        },
        {
            "last_affected": "2.5.0"
        },
        {
            "last_affected": "2.6.0"
        }
    ]
}

Affected versions

v1.*

v1.0.0-m1

v1.0.0-m2

v2.*

v2.1.0-alpha

v2.1.0-update2

v2.1.0-update3

v2.1.0-update4

v2.1.0-update5

v2.1.0-update6

v2.1.0-update7

v2.1.0-update8

v2.1.0-update9

v2.2.0

v2.2.0-rc

v2.2.0-rc2

v2.2.0-rc3

v2.2.0-update1

v2.2.0-update2

v2.5.0

v2.5.0-Alpha

v2.5.0-rc1

v2.5.0.Beta

v2.6.0

v2.6.0-alpha

v2.6.0-beta

v2.6.0-m1

v2.6.0-m2

v2.6.0-rc1

v2.6.0-rc2

v2.6.0-rc3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29548.json"

github.com/wso2/product-apim

Affected ranges

Type

GIT

Repo

https://github.com/wso2/product-apim

Events

Introduced

Last affected

5cdc3f8a5ea212c3bf231cb710ea3436e9aad1d7

Last affected

828807c24e02a88a91a70e6f9dbc6eeb58be3eaf

Last affected

a87463944acbc28f14c0af2a32dc30310147a0be

Last affected

727d091683c8199c37f2d19ab3198abee6553904

Last affected

2971de274564b622974de831403e9688a4a76c14

Last affected

e4956e9301b1c26eb06e80ec5c86628154b6ab55

Last affected

cf00d9e6cb083f94abae11818794f62cd5c94079

Database specific

{
    "cpe": [
        "cpe:2.3:a:wso2:api_manager:2.2.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:wso2:api_manager:2.5.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:wso2:api_manager:2.6.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:wso2:api_manager:3.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:wso2:api_manager:3.1.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:wso2:api_manager:4.0.0:*:*:*:*:*:*:*"
    ],
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0"
        },
        {
            "last_affected": "2.5.0"
        },
        {
            "last_affected": "2.6.0"
        },
        {
            "last_affected": "3.0.0"
        },
        {
            "last_affected": "3.1.0"
        },
        {
            "last_affected": "3.2.0"
        },
        {
            "last_affected": "4.0.0"
        }
    ]
}

Affected versions

4.*

4.0.0-beta

test-tag-1.*

test-tag-1.9.0-Alpha

v1.*

v1.9.0

v1.9.0-Alpha

v1.9.0-Beta

v1.9.0-Beta-2

v1.9.0-Beta-3

v1.9.0-M2

v2.*

v2.0.0-ALPHA

v2.0.0-M4

v2.1.0-alpha

v2.1.0-update1

v2.1.0-update10

v2.1.0-update11

v2.1.0-update12

v2.1.0-update13

v2.1.0-update14

v2.1.0-update2

v2.1.0-update3

v2.1.0-update5

v2.1.0-update7

v2.1.0-update8

v2.1.0-update9

v2.2.0

v2.2.0-update1

v2.2.0-update2

v2.2.0-update3

v2.2.0-update4

v2.2.0-update5

v2.2.0-update6

v2.2.0-update7

v2.5.0

v2.5.0-Alpha

v2.5.0-Beta

v2.5.0-rc1

v2.5.0-rc2

v2.5.0-rc3

v2.5.0-rc4

v2.6.0

v2.6.0-alpha

v2.6.0-alpha2

v2.6.0-beta

v2.6.0-beta2

v2.6.0-m1

v2.6.0-m2

v2.6.0-rc1

v2.6.0-rc2

v2.6.0-rc3

v3.*

v3.0.0

v3.0.0-alpha

v3.0.0-alpha2

v3.0.0-beta

v3.0.0-m32

v3.0.0-m33

v3.0.0-m34

v3.0.0-m35

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v3.1.0

v3.1.0-alpha

v3.1.0-beta

v3.1.0-m1

v3.1.0-m2

v3.1.0-m3

v3.1.0-m4

v3.1.0-m5

v3.1.0-rc1

v3.1.0-rc2

v3.1.0-rc3

v3.2.0

v3.2.0-alpha

v3.2.0-beta

v3.2.0-m1

v3.2.0-rc1

v3.2.0-rc2

v3.2.0-rc3

v3.2.0-rc4

v3.2.0-rc5

v3.2.0-rc6

v4.*

v4.0.0

v4.0.0-alpha

v4.0.0-beta

v4.0.0-m1

v4.0.0-m2

v4.0.0-m3

v4.0.0-m4

v4.0.0-m5

v4.0.0-m6

v4.0.0-m7

v4.0.0-m8

v4.0.0-rc

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29548.json"