353 matches found
WSO2 API Manager Cross-Site Scripting Vulnerability
WSO2 API Manager is an API lifecycle management solution from WSO2, Inc. A cross-site scripting vulnerability exists in WSO2 API Manager that stems from a reflected cross-site scripting vulnerability in the authentication endpoint...
WSO2 API Manager Security Vulnerability
WSO2 API Manager is an API lifecycle management solution from WSO2, Inc. A security vulnerability exists in WSO2 API Manager that stems from the lack of server-side input validation in the API Store...
WSO2 API Manager Security Vulnerability
WSO2 API Manager is a suite of API lifecycle management solutions from WSO2, USA. A security vulnerability exists in WSO2 API Manager that stems from a potential user emulation vulnerability in federated authentication using JIT configuration when certain configurations are enabled...
WSO2 API Manager Security Vulnerability
WSO2 API Manager is an API lifecycle management solution from WSO2, Inc. A security vulnerability exists in WSO2 API Manager that stems from an XML external entity injection vulnerability...
CVE-2023-31664
A reflected cross-site scripting XSS vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter...
CVE-2023-31664
A reflected cross-site scripting XSS vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter...
Cross site scripting
A reflected cross-site scripting XSS vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter...
WSO2 API Manager 跨站脚本漏洞
WSO2 API Manager is an API lifecycle management solution from WSO2, Inc. A security vulnerability exists in WSO2 API Manager versions prior to 4.2.0, which stems from a security issue in authenticationendpoint/login.do, that could allow an attacker to inject a crafted payload via the tenantDomain...
CVE-2023-31664
A reflected cross-site scripting XSS vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter...
CVE-2023-31664
The CVE-2023-31664 entry describes a reflected XSS in WSO2 API Manager prior to 4.2.0, exploitable via the tenantDomain parameter in /authenticationendpoint/login.do. Affected product is WSO2 API Manager; root cause is improper escaping/output handling of user-controlled input in tenantDomain, en...
CVE-2023-31664
A reflected cross-site scripting XSS vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter...
WSO2 Management Console (Multiple Products) - Unauthenticated Reflected Cross-Site Scripting (XSS)
Exploit Title: WSO2 Management Console Multiple Products - Unauthenticated Reflected Cross-Site Scripting XSS Date: 21 Apr 2022 Exploit Author: cxosmo Vendor Homepage: https://wso2.com Software Link: API Manager https://wso2.com/api-manager/, Identity Server https://wso2.com/identity-server/,...
WSO2 Management Console Cross Site Scripting
Exploit Title: WSO2 Management Console Multiple Products - Unauthenticated Reflected Cross-Site Scripting XSS Date: 21 Apr 2022 Exploit Author: cxosmo Vendor Homepage: https://wso2.com Software Link: API Manager https://wso2.com/api-manager/, Identity Server https://wso2.com/identity-server/,...
Exploit for Path Traversal in Wso2 Api_Manager
Better CVE-2022-29464 Certain WSO2 products allow unrestricte...
Exploit for Path Traversal in Wso2 Api_Manager
WSO2 Carbon Server CVE-2022-29464 Pre-auth RCE bug CVE-2022-2...
GHSA-JFGP-Q2HG-W285 WSO2 API Manager vulnerable to SSRF
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet...
WSO2 API Manager vulnerable to SSRF
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet...
CVE-2021-42646
XML External Entity XXE vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0...
CVE-2021-42646
XML External Entity XXE vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0...
Xxe
XML External Entity XXE vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0...