CVE-2019-20440
The CVE-2019-20440 entry concerns WSO2 API Manager 2.6.0, describing a potential Reflected Cross-Site Scripting (XSS) vulnerability in the update API documentation feature of the API Publisher. All connected sources reiterate the same issue without providing concrete exploit details, affected sub...
CVE-2019-20440
An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting XSS vulnerability has been identified in the update API documentation feature of the API Publisher...
CVE-2019-20441
CVE-2019-20441 affects WSO2 API Manager 2.6.0, with a potential Stored Cross-Site Scripting (XSS) vulnerability in the API Publisher’s implement phase. Publicly documented details consistently describe the issue as a stored XSS in the publisher UI logic, but do not provide concrete exploit chains...
CVE-2019-20441
An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting XSS vulnerability has been identified in the 'implement phase' of the API Publisher...
CVE-2019-20442
Root cause: Stored Cross-Site Scripting (XSS) in the registry UI of WSO2 products. Affected: WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. The XSS vulnerability is reported in roleToAuthorize handling. Impact: potential exp...
CVE-2019-20442
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting XSS vulnerability in roleToAuthorize has been identified in the registry UI...
CVE-2019-20443
CVE-2019-20443 affects WSO2 products: API Manager 2.6.0, Enterprise Integrator 6.5.0, Identity Server 5.8.0, and WSO2 IS as Key Manager 5.7.0. The issue is a potential stored Cross-Site Scripting (XSS) in the registry UI due to improper handling of mediaType in the UI component. Impact described acr...
CVE-2019-20436
Affected software: WSO2 API Manager 2.6.0; WSO2 IS as Key Manager 5.7.0; WSO2 Identity Server 5.8.0. Issue: configuring a claim dialect whose URI contains an XSS payload can cause execution when the URI is added as a service provider claim dialect during SP configuration, given the attacker has a...
PT-2020-10447 · WSO2 · WSO2 Identity Server +2
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager version 2.6.0; WSO2 IS as Key Manager version 5.7.0; WSO2 Identity Server version 5.8.0. Description: An issue was discovered where if a claim dialect is configured with an XSS payload in the dialect URI, and a user adds this...
PT-2020-10446 · WSO2 · WSO2 API Manager
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager version 2.6.0. Description: A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter. Recommendations: F...
CVE-2019-15108
An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component...
Design/Logic Flaw
An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component...
CVE-2019-15108
CVE-2019-15108 affects WSO2 API Manager 2.6.0 (pre-4.4.0-4457 patch) due to an XSS vulnerability in the file-upload feature of the event simulator component triggered by a crafted filename. The impact is an XSS condition as described in sources. Remediation: apply WSO2-CARBON-PATCH-4.4.0-4457 to ...
PT-2019-13988 · WSO2 · WSO2 API Manager
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions 2.6.0 through the version before WSO2-CARBON-PATCH-4.4.0-4457. Description: The issue is related to a crafted filename that can cause XSS via the file-upload feature of the event simulator component. Recommendations:...
CVE-2019-6513
An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one...
Design/Logic Flaw
An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one...