404 matches found
CVE-2020-14444
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting XSS vulnerability has been identified in the Management Console Policy Administration user interface...
CVE-2020-14445
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting XSS vulnerability has been identified in the Management Console Basic Policy Editor user Interface...
CVE-2020-14446
An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists...
CVE-2019-18882
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled...
WSO2多款产品 安全漏洞
WSO2 API Manager and others are products of WSO2, Inc. of the U.S. WSO2 API Manager is an API lifecycle management solution.WSO2 Identity Server IS is an identity server.WSO2 Open Banking AM is an open banking gas pedal. A security vulnerability exists in several WSO2 products that stems from a...
PT-2025-22560 · Wso2 · Wso2 Identity Server
Name of the Vulnerable Software and Affected Versions: WSO2 Identity Server version 7.0.0 Description: An improper authentication issue exists due to an implementation flaw, allowing app-native authentication to be bypassed when an invalid object is passed. This could enable malicious actors to...
WSO2 Identity Server(IS) 安全漏洞
WSO2 Identity Server IS is an identity server from WSO2, Inc. A security vulnerability exists in WSO2 Identity Server IS version 7.0.0, which stems from an implementation flaw that could lead to bypassing authentication...
PT-2025-22549 · Wso2 · Wso2 Identity Server
Name of the Vulnerable Software and Affected Versions: WSO2 Identity Server version 7.0.0 Description: A reflected cross-site scripting XSS vulnerability exists in the sub-organization login flow due to improper input validation. This allows a malicious actor to inject arbitrary JavaScript into t...
WSO2 Identity Server(IS) 安全漏洞
WSO2 Identity Server IS is an identity server from the US-based WSO2 Inc. A security vulnerability exists in WSO2 Identity Server IS version 7.0.0 that stems from insufficient input validation and could lead to a reflective cross-site scripting attack...
WSO2 API Manager和WSO2 Identity Server(IS) 跨站脚本漏洞
WSO2 API Manager and WSO2 Identity Server IS are both products of WSO2, Inc.WSO2 API Manager is an API lifecycle management solution.WSO2 Identity Server is an identity server. A cross-site scripting vulnerability exists in WSO2 API Manager and WSO2 Identity Server IS, which stems from a lack of...
Incorrect Authorization
Overview org.wso2.is:identity-server-parent is an open source Identity and Access Management solution federating and managing identities across both enterprise and cloud service environments. Affected versions of this package are vulnerable to Incorrect Authorization that allows an attacker in...
WSO2 API Manager和WSO2 Identity Server 安全漏洞
WSO2 API Manager and WSO2 Identity Server IS are both products of WSO2, Inc.WSO2 API Manager is an API lifecycle management solution.WSO2 Identity Server is an identity server. A security vulnerability exists in WSO2 API Manager and WSO2 Identity Server that stems from improper authorization...
CVE-2020-24703
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2....
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication due to insufficient validation of the cnf claim in DPoP access tokens. An attacker can use leaked DPoP access tokens at local API endpoints without possessing the private key for signing proof tokens. Note: This ...
CVE-2024-7211
The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated wit...
CVE-2024-7211
The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated wit...
CVE-2024-7211 The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.
The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated wit...
CVE-2024-7211 The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.
The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated wit...
CVE-2024-7211
CVE-2024-7211 affects the 1E Platform through a component that uses the third‑party Duende Identity Server, which contains an open redirect vulnerability that could let an attacker control the redirection path to untrusted sites. The vulnerability stems from the Duende Identity Server integration...
PT-2024-38171 · 1E +1 · 1E Platform +1
Name of the Vulnerable Software and Affected Versions: 1E Platform affected versions not specified Duende Identity Server affected versions not specified Description: The issue concerns an open redirect vulnerability in the Duende Identity Server, a third-party component used by the 1E Platform...