Eolinker goku_lite SQL Injection Vulnerability
Eolinker, an API management solution from Eolinker China, is vulnerable to SQL injection. The flaw stems from externally supplied input reaching the SQL statements built by /balance/service/list without validation; an attacker could exploit it to obtain information from the database...
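The entry above describes the usual root cause of this bug class: a request parameter concatenated into a query string. The following is an added example, not Eolinker's code, showing the vulnerable pattern beside its parameterized form against a constructed in-memory SQLite schema (the tables, rows and the `owner` parameter are assumptions for the demo, not anything from the advisory).

```python
"""Added example: string-built SQL versus a bound parameter (not Eolinker's code)."""
import sqlite3

# Constructed payload: closes the quoted literal and appends a UNION that pulls
# rows from a table the endpoint was never meant to expose.
INJECTION_PAYLOAD = (
    "' UNION SELECT id, login, password_hash FROM user_account WHERE '1'='1"
)


def make_db() -> sqlite3.Connection:
    """Constructed sample schema: a 'service' table the endpoint lists and a
    'user_account' table that should never be reachable from it."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE service (id INTEGER PRIMARY KEY, name TEXT, owner TEXT);
        INSERT INTO service VALUES (1, 'billing', 'alice'), (2, 'search', 'bob');
        CREATE TABLE user_account (id INTEGER PRIMARY KEY, login TEXT, password_hash TEXT);
        INSERT INTO user_account VALUES (1, 'admin', 'sha256$deadbeef');
        """
    )
    return conn


def list_services_vulnerable(conn: sqlite3.Connection, owner: str) -> list:
    """Vulnerable: the request parameter is spliced into the statement, so quote
    characters in it change the query's structure."""
    sql = f"SELECT id, name, owner FROM service WHERE owner = '{owner}'"
    return conn.execute(sql).fetchall()


def list_services_fixed(conn: sqlite3.Connection, owner: str) -> list:
    """Hardened: the value is bound as a parameter and compared as data only."""
    sql = "SELECT id, name, owner FROM service WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


def demo() -> dict:
    """Run both variants with a normal value and with the injection payload."""
    conn = make_db()
    return {
        "normal_vulnerable": list_services_vulnerable(conn, "alice"),
        "payload_vulnerable": list_services_vulnerable(conn, INJECTION_PAYLOAD),
        "normal_fixed": list_services_fixed(conn, "alice"),
        "payload_fixed": list_services_fixed(conn, INJECTION_PAYLOAD),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The payload avoids a trailing comment marker so it also works through drivers that reject anything after the statement; in the vulnerable variant it returns the password hash from a different table, while the parameterized variant simply finds no owner with that literal name.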
GHSA-W37G-RHQ8-7M4J vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0...
CVE-2022-1414
3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...
PT-2022-13870 · Red Hat · 3Scale Api Management 2
Name of the Vulnerable Software and Affected Versions: 3scale API Management 2 Description: The issue arises from inadequate sanitation of user input in multiple fields, allowing an authenticated user to inject scripts. This could potentially lead to access to sensitive information or further...
At Kong Summit 2022, Imperva Will Demonstrate how to Use Terraform to Onboard Kong-managed Apps and Discover API Endpoints
Imperva and Kong are working together to simplify APIs. Imperva is attending Kong's 2022 Summit on September 28 and 29 in San Francisco. Imperva's Summit booth will feature both a recorded and a live demo built to showcase how Kong and Imperva integrate using Terraform. Imperva, a...
GHSA-XC4W-28G8-VQM5 Path Traversal in Gravitee API Management
HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request...
CVE-2019-25075
Gravitee API Management contains a path traversal + HTML injection vulnerability (CVE-2019-25075). Before version 1.25.3, anonymous users could read arbitrary files via /management/users/register due to the HTML injection path traversal flaw in the Email service. CVSS:3.1 base 6.1 (NETWORK, LOW a...
Gravitee API Management Cross-Site Scripting Vulnerability
Gravitee API Management is an open source API management tool. A security vulnerability exists in Gravitee API Management prior to version 1.25.3, stemming from a combination of HTML injection and path traversal in the email service, which allows an anonymous user to read arbitrary files...
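The Gravitee entries above describe a file read that happens because a user-controlled string ends up selecting a file inside a service (here, the email service). The following is an added example, not Gravitee's code and not a reproduction of the advisory, showing a generic template loader with and without a containment check; the directory layout, file names and the `name` parameter are constructed for the demo.

```python
"""Added example: path containment check for a file loaded by user-supplied name
(not Gravitee's code; layout and names are constructed for the demo)."""
import os
import tempfile
from pathlib import Path


def build_fixture() -> Path:
    """Create a constructed layout: <root>/templates/welcome.html is a legitimate
    template, <root>/secret.conf is a file outside the template directory."""
    root = Path(tempfile.mkdtemp(prefix="tplfixture-"))
    (root / "templates").mkdir()
    (root / "templates" / "welcome.html").write_text("<p>Welcome, {name}</p>")
    (root / "secret.conf").write_text("db_password=hunter2")
    return root


def load_template_vulnerable(base: Path, name: str) -> str:
    """Vulnerable: os.path.join keeps '..' segments and lets an absolute `name`
    replace `base` entirely, so the caller can point it at any readable file."""
    return Path(os.path.join(base, name)).read_text()


def load_template_fixed(base: Path, name: str) -> str:
    """Hardened: canonicalize both sides (collapsing '..' and following symlinks)
    and refuse anything that does not remain under the template directory."""
    base_real = base.resolve()
    candidate = (base_real / name).resolve()
    try:
        candidate.relative_to(base_real)
    except ValueError:
        raise PermissionError(f"template name escapes template directory: {name!r}")
    if not candidate.is_file():
        raise FileNotFoundError(name)
    return candidate.read_text()


def traversal_blocked(base: Path, name: str) -> bool:
    """True when the hardened loader rejects `name` as escaping `base`."""
    try:
        load_template_fixed(base, name)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    root = build_fixture()
    templates = root / "templates"
    print(load_template_vulnerable(templates, "../secret.conf"))   # leaks the file
    print(traversal_blocked(templates, "../secret.conf"))          # True
    print(traversal_blocked(templates, str(root / "secret.conf"))) # True (absolute path)
```

Resolving before the containment test matters: a check on the raw string (for example rejecting the substring `..`) misses absolute paths, URL-decoded variants and symlinks planted inside the directory, whereas comparing canonical paths catches all of them.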
CVE-2021-3442
A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to a XSS attack. The highest threat from this vulnerability is to data confidentiality...
CVE-2021-3442
CVE-2021-3442 affects Red Hat OpenShift API Management (3scale API Management). The vulnerability is an XSS due to insufficient input validation in user-controlled fields, allowing an authenticated user to inject scripts into text boxes. The primary impact is confidentiality risk, with t...
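Both the 3scale entry (CVE-2022-1414) and the OpenShift API Management entries above come down to user input reaching an HTML page without output encoding for the context it lands in. The following is an added example, not Red Hat's or 3scale's code, contrasting a tag-blocklist "sanitizer" with context-aware escaping; the field name, the page fragment and the payloads are constructed for the demo.

```python
"""Added example: blocklist sanitization versus output encoding for an HTML
attribute and an HTML text context (not Red Hat's or 3scale's code)."""
import html
import re
from html.parser import HTMLParser

# Constructed payloads: the first never uses a <script> tag, it breaks out of
# the value="" attribute; the second uses an <img> event handler in text context.
ATTRIBUTE_PAYLOAD = '" autofocus onfocus="alert(1)'
TEXT_PAYLOAD = '<img src=x onerror="alert(1)">'

_SCRIPT_TAG = re.compile(r"</?script[^>]*>", re.IGNORECASE)


def sanitize_blocklist(value: str) -> str:
    """Insufficient: only removes <script> tags, leaving quotes and other tags."""
    return _SCRIPT_TAG.sub("", value)


def render_vulnerable(display_name: str) -> str:
    """Vulnerable: blocklisted value is placed into an attribute and into text."""
    cleaned = sanitize_blocklist(display_name)
    return f'<input name="display_name" value="{cleaned}"><span>{cleaned}</span>'


def render_fixed(display_name: str) -> str:
    """Hardened: html.escape(quote=True) encodes & < > " ' so the value cannot
    close the attribute or start a tag in either context."""
    encoded = html.escape(display_name, quote=True)
    return f'<input name="display_name" value="{encoded}"><span>{encoded}</span>'


class _TagCollector(HTMLParser):
    """Collects the tags and attributes a browser-like parser would see."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list = []
        self.input_attrs: dict = {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_attrs.update(attrs)


def parse_fragment(fragment: str) -> tuple:
    """Return (tags seen, attributes of the <input>) for a rendered fragment."""
    p = _TagCollector()
    p.feed(fragment)
    p.close()
    return p.tags, p.input_attrs


def has_injected_markup(fragment: str) -> bool:
    """True if parsing yields an event-handler attribute or a tag the template
    itself never emitted (the template only emits <input> and <span>)."""
    tags, attrs = parse_fragment(fragment)
    extra_tags = set(tags) - {"input", "span"}
    handlers = [k for k in attrs if k.startswith("on")]
    return bool(extra_tags or handlers)


if __name__ == "__main__":
    for payload in (ATTRIBUTE_PAYLOAD, TEXT_PAYLOAD):
        print("vulnerable:", has_injected_markup(render_vulnerable(payload)))  # True
        print("fixed:     ", has_injected_markup(render_fixed(payload)))       # False
```

The parser-based check is what a reviewer can assert on: after blocklist filtering the browser still sees an `onfocus` attribute and an `img` tag, while after escaping the only tags are the template's own and the injected text survives only as inert attribute and text content.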