353 matches found
CVE-2019-6513
An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one...
CVE-2019-6515
An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user...
Code injection
An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user...
Code injection
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper...
CVE-2019-6515
An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user...
CVE-2019-6512
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper...
CVE-2019-6512
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper...
CVE-2019-6515
Technical details (affected products, components, impact, remediation) are not publicly available in the provided documents. Monitor for updates.
CVE-2019-6515
An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user...
CVE-2019-6512
WSO2 API Manager 2.6.0 is affected by an SSRF issue that can force the application to access internal resources via the file:// wrapper, enabling requests to internal/workstation hosts (port-scanning), neighboring systems (network scanning), or file enumeration. The root cause is the presence of ...
CVE-2019-6512
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper...
CVE-2018-20736
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product...
CVE-2018-20737
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product...
CVE-2018-20737
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product...
CVE-2018-20736
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product...
Cross site scripting
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product...
Design/Logic Flaw
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product...
CVE-2018-20736
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product...
CVE-2018-20736
CVE-2018-20736 affects WSO2 API Manager 2.1.0 and 2.6.0. The issue is a DOM-based XSS in the store component. Connected sources do not provide exploitation details. The NVD entry lists CVSSv3 base score 5.4 (Medium) and network attack with user interaction required. Patches/mitigations are refere...
CVE-2018-20737
CVE-2018-20737 affects WSO2 API Manager 2.1.0 and 2.6.0. The connected documents describe a Reflected XSS flaw in the product’s carbon component. The NVD record lists a Medium severity (CVSSv3.0 base score 5.4) with network access and requiring user interaction. No exploitation details are prov...