PatchSiren cyber security CVE debrief

CVE-2016-4327 WSO2 CVE debrief

CVE-2016-4327 is a cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java 6.6 build SSJ-6.6-20090827-1616 and earlier. The issue allows a remote attacker to inject arbitrary web script or HTML through the PATH_INFO component, which can lead to script execution in a victim's browser under the affected site’s origin. NVD rates the issue as medium severity, with network attack vector, low attack complexity, no privileges required, and user interaction required.

Vendor: WSO2
Product: CVE-2016-4327
CVSS: MEDIUM 6.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-17
Original CVE updated: 2026-05-13
Advisory published: 2017-02-17
Advisory updated: 2026-05-13

Who should care

Organizations running WSO2 SOA Enablement Server for Java 6.6 build SSJ-6.6-20090827-1616 or earlier should treat this as relevant, especially teams responsible for public-facing web applications, reverse proxies, and browser-based admin or user portals exposed through the affected server.

Technical summary

The NVD record maps this issue to CWE-79 (improper neutralization of input during web page generation). The vulnerable surface is the PATH_INFO portion of requests, which can be used to place attacker-controlled script or HTML into a response context that the browser interprets. The CVSS 3.0 vector is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating that exploitation is reachable over the network but depends on user interaction and can affect confidentiality and integrity within the impacted web origin.

Defensive priority

Medium. This is not marked as a Known Exploited Vulnerability in the supplied corpus, but it is still important to remediate on any internet-facing or user-facing deployment because successful exploitation can hijack browser sessions or alter page content.

Recommended defensive actions

  • Confirm whether any WSO2 SOA Enablement Server for Java deployment is at or below SSJ-6.6-20090827-1616.
  • Upgrade to a vendor-fixed release if available, or remove exposure of the affected service until remediation is complete.
  • Review request handling and output encoding for PATH_INFO and any similar URL-derived inputs.
  • Add server-side input validation and context-appropriate output encoding for dynamic content rendered into HTML responses.
  • Use browser-side protections such as a strong Content Security Policy where feasible, as a defense-in-depth control.
  • Monitor logs for unusual PATH_INFO values and user reports of unexpected script execution or page tampering.
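The two code-level actions above (output encoding for PATH_INFO, and log monitoring for markup in paths) as an added example; this is not WSO2 code and the fallback handler, log format and request lines are constructed assumptions:

```python
import html
import re
from urllib.parse import unquote, urlsplit

# Hypothetical WSGI-style fallback handler (not WSO2's code): the request path
# is echoed into an HTML error page. PATH_INFO is the path after the script
# name, the same surface the CVE description names.
def render_vulnerable(environ):
    """'Before' shape of the CWE-79 defect: PATH_INFO inserted raw into HTML."""
    path = environ.get("PATH_INFO", "")
    return f"<p>No resource at {path}</p>"

def render_hardened(environ):
    """Context-appropriate encoding: HTML-escape the value for an element body."""
    path = environ.get("PATH_INFO", "")
    return f"<p>No resource at {html.escape(path, quote=True)}</p>"

# Coarse screen for HTML markup that has no business in a URL path segment.
_MARKUP = re.compile(r'[<>"]|javascript:', re.IGNORECASE)

def path_info_is_suspicious(raw_path):
    """Decode twice so percent- and double-percent-encoded markup is caught."""
    decoded = unquote(unquote(raw_path))
    return _MARKUP.search(decoded) is not None

# Request-line extractor for Apache/nginx combined-format access logs.
_LOG_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/\d\.\d"')

def flag_log_lines(lines):
    """Return (line_no, request_target) for each request whose path looks like markup."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _LOG_RE.search(line)
        if m and path_info_is_suspicious(urlsplit(m.group(1)).path):
            hits.append((n, m.group(1)))
    return hits

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Feb/2017:10:00:01 +0000] "GET /services/Echo HTTP/1.1" 200 512',
    '203.0.113.5 - - [17/Feb/2017:10:00:02 +0000] "GET /services/%3Cscript%3Ex%3C/script%3E HTTP/1.1" 404 311',
    '198.51.100.7 - - [17/Feb/2017:10:00:03 +0000] "GET /services/%253Cb%253Ex HTTP/1.1" 404 298',
]

if __name__ == "__main__":
    env = {"PATH_INFO": "/services/<script>x</script>"}
    print(render_vulnerable(env))   # markup survives into the page
    print(render_hardened(env))     # markup is rendered as text
    print(flag_log_lines(SAMPLE_LOG))
```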

Evidence notes

The CVE description explicitly states that remote attackers can inject arbitrary web script or HTML via PATH_INFO in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier. NVD classifies the weakness as CWE-79 and publishes the CVSS 3.0 vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The supplied references include NVD-linked third-party advisory entries and a SecurityFocus BID, but no vendor fix details were provided in the corpus.

Official resources

CVE published: 2017-02-17T02:59:12.123Z. CVE modified: 2026-05-13T00:24:29.033Z. The supplied corpus does not include a vendor advisory date or a KEV date, and this entry is not marked as a Known Exploited Vulnerability.