WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25516
Reference (s):
- https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0781
- https://github.com/piuppi/Proof-of-Concepts/blob/main/WSO2/CVE-2020-25516.md