353 matches found

NVD
added 2020/01/28 12:15 a.m., 6 views

CVE-2019-20440

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher...

CVSS: 4.8; AI score: 4.2; EPSS: 0.00434
Exploits: 1; References: 3

OSV
added 2020/01/28 12:15 a.m., 8 views

CVE-2019-20443

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI...

CVSS: 4.8; AI score: 5.5; EPSS: 0.00434
Exploits: 1; References: 3

OSV
added 2020/01/28 12:15 a.m., 7 views

CVE-2019-20440

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher...

CVSS: 4.8; AI score: 5.8; EPSS: 0.00434
Exploits: 1; References: 3

NVD
added 2020/01/28 12:15 a.m., 8 views

CVE-2019-20441

An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher...

CVSS: 4.8; AI score: 4.8; EPSS: 0.00434
Exploits: 1; References: 3

OSV
added 2020/01/28 12:15 a.m., 10 views

CVE-2019-20441

An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher...

CVSS: 4.8; AI score: 5.5; EPSS: 0.00434
Exploits: 1; References: 3

NVD
added 2020/01/28 12:15 a.m., 13 views

CVE-2019-20442

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI...

CVSS: 4.8; AI score: 4.1; EPSS: 0.00404
Exploits: 1; References: 3

Prion
added 2020/01/28 12:15 a.m., 10 views

Cross site scripting

An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher...

CVSS: 3.5; AI score: 4.8; EPSS: 0.00434
Exploits: 1; References: 3; Affected Software: 1

Prion
added 2020/01/28 12:15 a.m., 14 views

Cross site scripting

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI...

CVSS: 3.5; AI score: 4.8; EPSS: 0.00404
Exploits: 1; References: 3; Affected Software: 3

Prion
added 2020/01/28 12:15 a.m., 15 views

Cross site scripting

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher...

CVSS: 3.5; AI score: 4.9; EPSS: 0.00434
Exploits: 1; References: 3; Affected Software: 1

Prion
added 2020/01/28 12:15 a.m., 13 views

Cross site scripting

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI...

CVSS: 3.5; AI score: 4.8; EPSS: 0.00434
Exploits: 1; References: 3; Affected Software: 3

Cvelist
added 2020/01/27 11:38 p.m., 10 views

CVE-2019-20434

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console...

CVSS: 4.8; AI score: 4.9; EPSS: 0.00358
Exploits: 1; References: 3

CVE
added 2020/01/27 11:38 p.m., 79 views

CVE-2019-20434

WSO2 API Manager 2.6.0 is affected by a potential Reflected Cross-Site Scripting (XSS) vulnerability in the Datasource creation page of the Management Console. The issue arises from insufficient validation of client-side data in the web application, which could allow an attacker to execute client...

CVSS: 4.8; AI score: 4.9; EPSS: 0.00358
Exploits: 1; References: 3; Affected Software: 1

Cvelist
added 2020/01/27 11:38 p.m., 11 views

CVE-2019-20435

An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter...

CVSS: 3.5; AI score: 5; EPSS: 0.00358
Exploits: 1; References: 3

CVE
added 2020/01/27 11:38 p.m., 72 views

CVE-2019-20435

WSO2 API Manager 2.6.0 contains a reflected XSS in the inline API documentation editor page of the API Publisher, exploitable via a crafted GET request with a harmful docName parameter. Root cause is insufficient input validation/escaping on docName leading to script execution in an attacker-cont...

CVSS: 4.8; AI score: 4.8; EPSS: 0.00358
Exploits: 1; References: 3; Affected Software: 1

Cvelist
added 2020/01/27 11:38 p.m., 12 views

CVE-2019-20437

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as t...

CVSS: 6.1; AI score: 6; EPSS: 0.00657
Exploits: 1; References: 3

CVE
added 2020/01/27 11:38 p.m., 72 views

CVE-2019-20437

CVE-2019-20437 affects WSO2 API Manager 2.6.0, WSO2 Identity Server 5.8.0, and WSO2 IS as Key Manager 5.7.0. A custom claim dialect with an XSS payload can execute when a user selects the dialect URI as the provisioning claim in the identity provider’s advanced claim configuration, provided the a...

CVSS: 6.1; AI score: 5.9; EPSS: 0.00657
Exploits: 1; References: 3; Affected Software: 2

CVE
added 2020/01/27 11:37 p.m., 68 views

CVE-2019-20438

CVE-2019-20438 affects WSO2 API Manager 2.6.0. The issue is a potential stored Cross-Site Scripting (XSS) vulnerability identified in the inline API documentation editor page of the API Publisher. The connected documents confirm the same description across multiple sources (NVD/Red Hat/NVD family...

CVSS: 4.8; AI score: 4.8; EPSS: 0.00434
Exploits: 1; References: 3; Affected Software: 1

Cvelist
added 2020/01/27 11:37 p.m., 14 views

CVE-2019-20438

An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher...

CVSS: 4.8; AI score: 4.9; EPSS: 0.00434
Exploits: 1; References: 3

Cvelist
added 2020/01/27 11:37 p.m., 15 views

CVE-2019-20439

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of the API Publisher...

CVSS: 3.5; AI score: 4.9; EPSS: 0.00383
Exploits: 1; References: 3

CVE
added 2020/01/27 11:37 p.m., 77 views

CVE-2019-20439

CVE-2019-20439 affects WSO2 API Manager 2.6.0. The issue is a potential reflected Cross-Site Scripting (XSS) in the scope definition feature of the API Publisher’s “manage the API” page. The publicly provided descriptions attribute this to insufficient validation of client-side data in the web ap...

CVSS: 4.8; AI score: 4.9; EPSS: 0.00383
Exploits: 1; References: 3; Affected Software: 1