Lucene search
K

178 matches found

GithubExploit
GithubExploit
added 2022/04/21 2:47 p.m.344 views

Exploit for Path Traversal in Wso2 Api_Manager

WSO2 Carbon Server CVE-2022-29464 Pre-auth R...

10CVSS9.6AI score0.99999EPSS
Exploits22
GithubExploit
GithubExploit
added 2022/04/21 6:48 a.m.624 views

Exploit for Path Traversal in Wso2 Api_Manager

CVE-2022-29464 WSO2 RCE CVE-2022-29464 exploit. Details C...

10CVSS10AI score0.99999EPSS
Exploits22
GithubExploit
GithubExploit
added 2022/04/20 9:23 p.m.699 views

Exploit for Path Traversal in Wso2 Api_Manager

CVE-2022-29464 WSO2 RCE CVE-2022-29464 exploit and writeup...

10CVSS10AI score0.99999EPSS
Exploits22
CNNVD
CNNVD
added 2022/04/18 12:0 a.m.3 views

WSO2 API Manager 路径遍历漏洞

WSO2 API Manager is an API lifecycle management solution from US-based WSO2. WSO2 API Manager suffers from a path traversal vulnerability that allows unlimited file uploads and remote code execution...

10CVSS9AI score0.99999EPSS
Exploits22References8
Cvelist
Cvelist
added 2022/04/18 12:0 a.m.33 views

CVE-2022-29464

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps...

9.8CVSS9.9AI score0.99999EPSS
Exploits22References4
Zero Day Initiative
Zero Day Initiative
added 2021/07/19 12:0 a.m.27 views

(0Day) WSO2 API Manager JMX Use of Hard-coded Credentials Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of WSO2 API Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JMX RMI service, which listens on TCP port 11111 by default. The service contains a...

9.8CVSS3.9AI score
Exploits0
GithubExploit
GithubExploit
added 2021/04/03 1:49 p.m.199 views

Exploit for Cross-site Scripting in Wso2 Api_Manager

CVE-2020-17453 WSO2 Management Console through 5.1...

6.1CVSS6AI score0.26118EPSS
Exploits2
CNVD
CNVD
added 2020/10/30 12:0 a.m.4 views

WSO2 API Manager Cross-Site Scripting Vulnerability (CNVD-2020-60481)

WSO2 API Manager is a suite of API lifecycle management solutions from WSO2, Inc. WSO2 API Manager 3.1.0 suffers from a cross-site scripting vulnerability, which can be exploited to hijack a logged-in user's session by stealing a cookie, changing the logged-in user's password while maintaining...

6.1CVSS6.4AI score0.00926EPSS
Exploits1References1
OSV
OSV
added 2020/10/29 9:15 p.m.13 views

CVE-2020-27885

Cross-Site Scripting XSS vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of th...

6.1CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2020/10/29 9:15 p.m.35 views

CVE-2020-27885

Cross-Site Scripting XSS vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of th...

6.1CVSS6.1AI score0.00926EPSS
Exploits1References2
Prion
Prion
added 2020/10/29 9:15 p.m.12 views

Cross site scripting

Cross-Site Scripting XSS vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of th...

4.3CVSS6.1AI score0.00926EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2020/10/29 8:14 p.m.48 views

CVE-2020-27885

WSO2 API Manager 3.1.0 is affected by a Cross-Site Scripting (XSS) vulnerability. A malicious user can inject and execute script via the authenticationEndpointURL parameter in FileBasedConfigurationBuilder.java (readAuthenticationEndpointURL), enabling session hijacking by stealing cookies, which...

6.1CVSS6AI score0.00926EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/10/29 8:14 p.m.39 views

CVE-2020-27885

Cross-Site Scripting XSS vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of th...

6.1AI score0.00926EPSS
Exploits1References2
CNVD
CNVD
added 2020/10/23 12:0 a.m.3 views

WSO API Manager Cross-Site Scripting Vulnerability

WSO2 API Manager is a suite of API lifecycle management solutions from WSO2, Inc. A cross-site scripting vulnerability exists in WSO2 API Manager version 3.1.0 and earlier versions, which originates from the failure to filter user input in the owner POST parameter of the administration interface ...

6.1CVSS6.3AI score0.00773EPSS
Exploits0References1
NVD
NVD
added 2020/10/21 10:15 p.m.25 views

CVE-2020-17454

WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box...

6.1CVSS0.00773EPSS
Exploits0References1
OSV
OSV
added 2020/10/21 10:15 p.m.22 views

CVE-2020-17454

WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box...

6.1CVSS5.9AI score
Exploits0References1
Prion
Prion
added 2020/10/21 10:15 p.m.20 views

Cross site request forgery (csrf)

WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box...

4.3CVSS5.9AI score0.00773EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/10/21 9:40 p.m.24 views

CVE-2020-17454

WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box...

6.1AI score0.00773EPSS
Exploits0References1
OSV
OSV
added 2020/08/21 8:15 p.m.22 views

CVE-2020-24590

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks...

9.1CVSS6.9AI score0.0126EPSS
Exploits0References1
OSV
OSV
added 2020/08/21 8:15 p.m.15 views

CVE-2020-24589

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection XXE attacks...

9.1CVSS7.2AI score
Exploits0References1
Rows per page
Query Builder