Lucene search
K

404 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:45 p.m.6 views

CVE-2020-14444

An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting XSS vulnerability has been identified in the Management Console Policy Administration user interface...

5.4CVSS5.8AI score0.00681EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:20 p.m.9 views

CVE-2020-14445

An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting XSS vulnerability has been identified in the Management Console Basic Policy Editor user Interface...

5.4CVSS5.8AI score0.00632EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:58 p.m.10 views

CVE-2020-14446

An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists...

6.1CVSS6.9AI score0.00812EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:52 a.m.11 views

CVE-2019-18882

WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled...

6.1CVSS5.9AI score0.00641EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/22 12:0 a.m.5 views

WSO2多款产品 安全漏洞

WSO2 API Manager and others are products of WSO2, Inc. of the U.S. WSO2 API Manager is an API lifecycle management solution.WSO2 Identity Server IS is an identity server.WSO2 Open Banking AM is an open banking gas pedal. A security vulnerability exists in several WSO2 products that stems from a...

9.8CVSS6.3AI score0.00585EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/22 12:0 a.m.8 views

PT-2025-22560 · Wso2 · Wso2 Identity Server

Name of the Vulnerable Software and Affected Versions: WSO2 Identity Server version 7.0.0 Description: An improper authentication issue exists due to an implementation flaw, allowing app-native authentication to be bypassed when an invalid object is passed. This could enable malicious actors to...

5.8CVSS6.2AI score0.00273EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/22 12:0 a.m.5 views

WSO2 Identity Server(IS) 安全漏洞

WSO2 Identity Server IS is an identity server from WSO2, Inc. A security vulnerability exists in WSO2 Identity Server IS version 7.0.0, which stems from an implementation flaw that could lead to bypassing authentication...

5.8CVSS6.4AI score0.00273EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/22 12:0 a.m.6 views

PT-2025-22549 · Wso2 · Wso2 Identity Server

Name of the Vulnerable Software and Affected Versions: WSO2 Identity Server version 7.0.0 Description: A reflected cross-site scripting XSS vulnerability exists in the sub-organization login flow due to improper input validation. This allows a malicious actor to inject arbitrary JavaScript into t...

4.6CVSS5.6AI score0.00182EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/05/22 12:0 a.m.6 views

WSO2 Identity Server(IS) 安全漏洞

WSO2 Identity Server IS is an identity server from the US-based WSO2 Inc. A security vulnerability exists in WSO2 Identity Server IS version 7.0.0 that stems from insufficient input validation and could lead to a reflective cross-site scripting attack...

5.4CVSS6AI score0.00182EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/22 12:0 a.m.4 views

WSO2 API Manager和WSO2 Identity Server(IS) 跨站脚本漏洞

WSO2 API Manager and WSO2 Identity Server IS are both products of WSO2, Inc.WSO2 API Manager is an API lifecycle management solution.WSO2 Identity Server is an identity server. A cross-site scripting vulnerability exists in WSO2 API Manager and WSO2 Identity Server IS, which stems from a lack of...

6.1CVSS6AI score0.00223EPSS
Exploits0References1
Snyk
Snyk
added 2025/02/27 6:30 a.m.1 views

Incorrect Authorization

Overview org.wso2.is:identity-server-parent is an open source Identity and Access Management solution federating and managing identities across both enterprise and cloud service environments. Affected versions of this package are vulnerable to Incorrect Authorization that allows an attacker in...

6.3CVSS7AI score0.00222EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/27 12:0 a.m.4 views

WSO2 API Manager和WSO2 Identity Server 安全漏洞

WSO2 API Manager and WSO2 Identity Server IS are both products of WSO2, Inc.WSO2 API Manager is an API lifecycle management solution.WSO2 Identity Server is an identity server. A security vulnerability exists in WSO2 API Manager and WSO2 Identity Server that stems from improper authorization...

5.6CVSS6.3AI score0.00222EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 2:33 p.m.9 views

CVE-2020-24703

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2....

8.8CVSS6.6AI score0.0105EPSS
Exploits0
Snyk
Snyk
added 2024/10/28 7:44 p.m.1 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication due to insufficient validation of the cnf claim in DPoP access tokens. An attacker can use leaked DPoP access tokens at local API endpoints without possessing the private key for signing proof tokens. Note: This ...

3.1CVSS6.7AI score0.0032EPSS
Exploits0References2
NVD
NVD
added 2024/08/01 5:16 p.m.37 views

CVE-2024-7211

The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated wit...

6.1CVSS0.0024EPSS
Exploits0References1
OSV
OSV
added 2024/08/01 5:16 p.m.2 views

CVE-2024-7211

The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated wit...

6.1CVSS5.7AI score0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/01 4:49 p.m.27 views

CVE-2024-7211 The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.

The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated wit...

4.7CVSS4.8AI score0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/01 4:49 p.m.34 views

CVE-2024-7211 The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.

The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated wit...

4.7CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added 2024/08/01 4:49 p.m.68 views

CVE-2024-7211

CVE-2024-7211 affects the 1E Platform through a component that uses the third‑party Duende Identity Server, which contains an open redirect vulnerability that could let an attacker control the redirection path to untrusted sites. The vulnerability stems from the Duende Identity Server integration...

6.1CVSS4.8AI score0.0024EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/01 12:0 a.m.6 views

PT-2024-38171 · 1E +1 · 1E Platform +1

Name of the Vulnerable Software and Affected Versions: 1E Platform affected versions not specified Duende Identity Server affected versions not specified Description: The issue concerns an open redirect vulnerability in the Duende Identity Server, a third-party component used by the 1E Platform...

6.1CVSS6.4AI score0.0024EPSS
Exploits0References9
Rows per page
Query Builder