168 matches found
PT-2020-14006 · Wso2 · Wso2 Identity Server +1
Name of the Vulnerable Software and Affected Versions: WSO2 Identity Server versions through 5.10.0 WSO2 IS as Key Manager versions through 5.10.0 Description: An issue exists in the software, specifically an open redirect. Recommendations: For WSO2 Identity Server versions through 5.10.0, update...
PT-2020-14005 · Wso2 · Wso2 Identity Server +1
Name of the Vulnerable Software and Affected Versions: WSO2 Identity Server versions through 5.9.0 WSO2 IS as Key Manager versions through 5.9.0 Description: A potential Reflected Cross-Site Scripting XSS vulnerability has been identified in the Management Console Basic Policy Editor user...
WSO2 API Manager and WSO2 API Microgateway, WSO2 IS as Key Manager Code Issue Vulnerabilities
WSO2 API Manager and so on are the products of WSO2 Corporation in the U.S.A. WSO2 API Manager is a set of API lifecycle management solutions.WSO2 API Microgateway is a cloud-native, scalable API gateway product.WSO2 IS as Key Manager is a key manager. A code issue vulnerability exists in...
CVE-2020-13883
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle...
Code injection
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle...
CVE-2020-13883
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle...
CVE-2020-12719
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity...
Code injection
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity...
CVE-2019-20437
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as t...
CVE-2019-20442
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting XSS vulnerability in roleToAuthorize has been identified in the registry UI...
CVE-2019-20437
CVE-2019-20437 affects WSO2 API Manager 2.6.0, WSO2 Identity Server 5.8.0, and WSO2 IS as Key Manager 5.7.0. A custom claim dialect with an XSS payload can execute when a user selects the dialect URI as the provisioning claim in the identity provider’s advanced claim configuration, provided the a...
CVE-2019-20442
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting XSS vulnerability in roleToAuthorize has been identified in the registry UI...
CVE-2019-18881
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile...
CVE-2019-18882
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled...
CVE-2019-18881
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile...
CVE-2019-18882
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled...
Cross site scripting
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile...
Design/Logic Flaw
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled...
CVE-2019-18881
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile...
CVE-2019-18881
WSO2 Identity Server as Key Manager 5.7.0 is affected by an unauthenticated reflected XSS in the dashboard user profile (CVE-2019-18881). Exploitation details are not provided in the given documents beyond this description, and no patch/version remediation is specified here. Multiple connected so...