Filtered by vendor Wso2
Subscriptions
Total
70 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20435 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 4.8 Medium |
| An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter. | ||||
| CVE-2019-20434 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 4.8 Medium |
| An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console. | ||||
| CVE-2019-19587 | 1 Wso2 | 1 Enterprise Integrator | 2024-11-21 | 6.1 Medium |
| In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console. | ||||
| CVE-2019-18882 | 1 Wso2 | 1 Identity Server | 2024-11-21 | 6.1 Medium |
| WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled. | ||||
| CVE-2019-18881 | 1 Wso2 | 1 Identity Server | 2024-11-21 | 6.1 Medium |
| WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile. | ||||
| CVE-2019-15108 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 4.8 Medium |
| An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component. | ||||
| CVE-2019-10797 | 1 Wso2 | 1 Transport-http | 2024-11-21 | 6.5 Medium |
| Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled. | ||||
| CVE-2018-8716 | 1 Wso2 | 1 Identity Server | 2024-11-21 | N/A |
| WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers. | ||||
| CVE-2018-20737 | 1 Wso2 | 3 Api Manager, Identity Server, Identity Server As Key Manager | 2024-11-21 | N/A |
| An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product. | ||||
| CVE-2018-20736 | 1 Wso2 | 1 Api Manager | 2024-11-21 | N/A |
| An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product. | ||||