Lucene search
K

168 matches found

Positive Technologies
Positive Technologies
added 2020/06/18 12:0 a.m.5 views

PT-2020-14006 · Wso2 · Wso2 Identity Server +1

Name of the Vulnerable Software and Affected Versions: WSO2 Identity Server versions through 5.10.0 WSO2 IS as Key Manager versions through 5.10.0 Description: An issue exists in the software, specifically an open redirect. Recommendations: For WSO2 Identity Server versions through 5.10.0, update...

6.1CVSS6.1AI score0.00812EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2020/06/18 12:0 a.m.8 views

PT-2020-14005 · Wso2 · Wso2 Identity Server +1

Name of the Vulnerable Software and Affected Versions: WSO2 Identity Server versions through 5.9.0 WSO2 IS as Key Manager versions through 5.9.0 Description: A potential Reflected Cross-Site Scripting XSS vulnerability has been identified in the Management Console Basic Policy Editor user...

5.4CVSS4.7AI score0.00632EPSS
Exploits1References4
CNVD
CNVD
added 2020/06/08 12:0 a.m.1 views

WSO2 API Manager and WSO2 API Microgateway, WSO2 IS as Key Manager Code Issue Vulnerabilities

WSO2 API Manager and so on are the products of WSO2 Corporation in the U.S.A. WSO2 API Manager is a set of API lifecycle management solutions.WSO2 API Microgateway is a cloud-native, scalable API gateway product.WSO2 IS as Key Manager is a key manager. A code issue vulnerability exists in...

6.7CVSS7.1AI score0.008EPSS
Exploits0References1
NVD
NVD
added 2020/06/06 7:15 p.m.19 views

CVE-2020-13883

In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle...

6.7CVSS5.9AI score0.008EPSS
Exploits0References1
Prion
Prion
added 2020/06/06 7:15 p.m.15 views

Code injection

In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle...

6.5CVSS6.6AI score0.008EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2020/06/06 6:49 p.m.21 views

CVE-2020-13883

In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle...

5.5CVSS6.6AI score0.008EPSS
Exploits0References1
OSV
OSV
added 2020/05/08 12:15 a.m.18 views

CVE-2020-12719

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity...

7.2CVSS6.9AI score
Exploits0References1
Prion
Prion
added 2020/05/08 12:15 a.m.18 views

Code injection

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity...

6.5CVSS7AI score0.01034EPSS
Exploits0References1Affected Software7
NVD
NVD
added 2020/01/28 1:15 a.m.24 views

CVE-2019-20437

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as t...

6.1CVSS6AI score0.01278EPSS
Exploits1References3
OSV
OSV
added 2020/01/28 12:15 a.m.19 views

CVE-2019-20442

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting XSS vulnerability in roleToAuthorize has been identified in the registry UI...

4.8CVSS5.5AI score0.00729EPSS
Exploits1References3
CVE
CVE
added 2020/01/27 11:38 p.m.74 views

CVE-2019-20437

CVE-2019-20437 affects WSO2 API Manager 2.6.0, WSO2 Identity Server 5.8.0, and WSO2 IS as Key Manager 5.7.0. A custom claim dialect with an XSS payload can execute when a user selects the dialect URI as the provisioning claim in the identity provider’s advanced claim configuration, provided the a...

6.1CVSS5.9AI score0.01278EPSS
Exploits1References3Affected Software2
Cvelist
Cvelist
added 2020/01/27 11:36 p.m.28 views

CVE-2019-20442

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting XSS vulnerability in roleToAuthorize has been identified in the registry UI...

3.5CVSS4.9AI score0.00729EPSS
Exploits1References3
NVD
NVD
added 2019/11/12 3:15 a.m.16 views

CVE-2019-18881

WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile...

6.1CVSS6.1AI score0.00744EPSS
Exploits0References1
NVD
NVD
added 2019/11/12 3:15 a.m.23 views

CVE-2019-18882

WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled...

6.1CVSS6AI score0.00641EPSS
Exploits0References1
OSV
OSV
added 2019/11/12 3:15 a.m.4 views

CVE-2019-18881

WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile...

6.1CVSS6.4AI score0.00744EPSS
Exploits0References1
OSV
OSV
added 2019/11/12 3:15 a.m.4 views

CVE-2019-18882

WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled...

6.1CVSS6.4AI score0.00641EPSS
Exploits0References1
Prion
Prion
added 2019/11/12 3:15 a.m.11 views

Cross site scripting

WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile...

4.3CVSS6AI score0.00744EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/11/12 3:15 a.m.14 views

Design/Logic Flaw

WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled...

4.3CVSS5.9AI score0.00641EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/11/12 2:56 a.m.23 views

CVE-2019-18881

WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile...

6.1AI score0.00744EPSS
Exploits0References1
CVE
CVE
added 2019/11/12 2:56 a.m.47 views

CVE-2019-18881

WSO2 Identity Server as Key Manager 5.7.0 is affected by an unauthenticated reflected XSS in the dashboard user profile (CVE-2019-18881). Exploitation details are not provided in the given documents beyond this description, and no patch/version remediation is specified here. Multiple connected so...

6.1CVSS6AI score0.00744EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder