{"url":"http://public2.vulnerablecode.io/api/packages/647933?format=json","purl":"pkg:maven/org.wso2.carbon.apimgt/forum@6.3.60","type":"maven","namespace":"org.wso2.carbon.apimgt","name":"forum","version":"6.3.60","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19089?format=json","vulnerability_id":"VCID-6z3v-9kev-zycj","summary":"Improper Input Validation\nMultiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6835","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48023","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6835"},{"reference_url":"https://github.com/wso2/carbon-apimgt","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wso2/carbon-apimgt"},{"reference_url":"https://github.com/wso2/carbon-apimgt/blob/81e0c0b8ed0bd2dace1e9006be21acbb731c835e/components/forum/org.wso2.carbon.forum/src/main/java/org/wso2/carbon/forum/registry/RegistryForumManager.java#L762","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wso2/carbon-apimgt/blob/81e0c0b8ed0bd2dace1e9006be21acbb731c835e/components/forum/org.wso2.carbon.forum/src/main/java/org/wso2/carbon/forum/registry/RegistryForumManager.java#L762"},{"reference_url":"https://github.com/wso2/carbon-apimgt/commit/2e9591b72bc286dfcd22b57768e984d867c902ba","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wso2/carbon-apimgt/commit/2e9591b72bc286dfcd22b57768e984d867c902ba"},{"reference_url":"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1357","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1357"},{"reference_url":"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1357/","reference_id":"","reference_type":"","scores":[],"url":"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1357/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6835","reference_id":"CVE-2023-6835","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6835"},{"reference_url":"https://github.com/advisories/GHSA-w7rx-824v-rgx5","reference_id":"GHSA-w7rx-824v-rgx5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7rx-824v-rgx5"}],"fixed_packages":[],"aliases":["CVE-2023-6835","GHSA-w7rx-824v-rgx5"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6z3v-9kev-zycj"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.wso2.carbon.apimgt/forum@6.3.60"}