Filtered by vendor Wso2
Subscriptions
Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20441 | 1 Wso2 | 1 Api Manager | 2024-08-05 | 4.8 Medium |
| An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher. | ||||
| CVE-2019-19587 | 1 Wso2 | 1 Enterprise Integrator | 2024-08-05 | 6.1 Medium |
| In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console. | ||||
| CVE-2019-18881 | 1 Wso2 | 1 Identity Server | 2024-08-05 | 6.1 Medium |
| WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile. | ||||
| CVE-2019-18882 | 1 Wso2 | 1 Identity Server | 2024-08-05 | 6.1 Medium |
| WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled. | ||||
| CVE-2019-15108 | 1 Wso2 | 1 Api Manager | 2024-08-05 | 4.8 Medium |
| An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component. | ||||
| CVE-2019-10797 | 1 Wso2 | 1 Transport-http | 2024-08-04 | 6.5 Medium |
| Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled. | ||||
| CVE-2019-6512 | 1 Wso2 | 1 Api Manager | 2024-08-04 | N/A |
| An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper. | ||||
| CVE-2019-6513 | 1 Wso2 | 1 Api Manager | 2024-08-04 | N/A |
| An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one. | ||||
| CVE-2019-6514 | 1 Wso2 | 1 Dashboard Server | 2024-08-04 | N/A |
| An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS. | ||||
| CVE-2019-6516 | 1 Wso2 | 1 Dashboard Server | 2024-08-04 | N/A |
| An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation (port-scanning) and to perform requests to adjacent workstations (network-scanning), aka SSRF. | ||||
| CVE-2019-6515 | 1 Wso2 | 1 Api Manager | 2024-08-04 | N/A |
| An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user. | ||||
| CVE-2020-27885 | 1 Wso2 | 1 Api Manager | 2024-08-04 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of the victim while the hacker maintains access. | ||||
| CVE-2020-25516 | 1 Wso2 | 1 Enterprise Integrator | 2024-08-04 | 5.4 Medium |
| WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks. | ||||
| CVE-2020-24706 | 1 Wso2 | 6 Api Manager, Api Manager Analytics, Identity Server and 3 more | 2024-08-04 | 6.1 Medium |
| An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0. | ||||
| CVE-2020-24703 | 1 Wso2 | 9 Api Manager, Api Manager Analytics, Api Microgateway and 6 more | 2024-08-04 | 8.8 High |
| An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1. | ||||
| CVE-2020-24705 | 1 Wso2 | 6 Api Manager, Api Manager Analytics, Identity Server and 3 more | 2024-08-04 | 8.8 High |
| An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0. | ||||
| CVE-2020-24704 | 1 Wso2 | 9 Api Manager, Api Manager Analytics, Api Microgateway and 6 more | 2024-08-04 | 6.1 Medium |
| An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1. | ||||
| CVE-2020-24591 | 1 Wso2 | 5 Api Manager, Api Manager Analytics, Api Microgateway and 2 more | 2024-08-04 | 6.5 Medium |
| The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0. | ||||
| CVE-2020-24589 | 1 Wso2 | 2 Api Manager, Api Microgateway | 2024-08-04 | 9.1 Critical |
| The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. | ||||
| CVE-2020-24590 | 1 Wso2 | 2 Api Manager, Api Microgateway | 2024-08-04 | 9.1 Critical |
| The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. | ||||