178 matches found
Exploit for Path Traversal in Wso2 Api_Manager
WSO2 Carbon Server CVE-2022-29464 Pre-auth R...
Exploit for Path Traversal in Wso2 Api_Manager
CVE-2022-29464 WSO2 RCE CVE-2022-29464 exploit. Details C...
Exploit for Path Traversal in Wso2 Api_Manager
CVE-2022-29464 WSO2 RCE CVE-2022-29464 exploit and writeup...
WSO2 API Manager 路径遍历漏洞
WSO2 API Manager is an API lifecycle management solution from US-based WSO2. WSO2 API Manager suffers from a path traversal vulnerability that allows unlimited file uploads and remote code execution...
CVE-2022-29464
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps...
(0Day) WSO2 API Manager JMX Use of Hard-coded Credentials Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of WSO2 API Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JMX RMI service, which listens on TCP port 11111 by default. The service contains a...
Exploit for Cross-site Scripting in Wso2 Api_Manager
CVE-2020-17453 WSO2 Management Console through 5.1...
WSO2 API Manager Cross-Site Scripting Vulnerability (CNVD-2020-60481)
WSO2 API Manager is a suite of API lifecycle management solutions from WSO2, Inc. WSO2 API Manager 3.1.0 suffers from a cross-site scripting vulnerability, which can be exploited to hijack a logged-in user's session by stealing a cookie, changing the logged-in user's password while maintaining...
CVE-2020-27885
Cross-Site Scripting XSS vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of th...
CVE-2020-27885
Cross-Site Scripting XSS vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of th...
Cross site scripting
Cross-Site Scripting XSS vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of th...
CVE-2020-27885
WSO2 API Manager 3.1.0 is affected by a Cross-Site Scripting (XSS) vulnerability. A malicious user can inject and execute script via the authenticationEndpointURL parameter in FileBasedConfigurationBuilder.java (readAuthenticationEndpointURL), enabling session hijacking by stealing cookies, which...
CVE-2020-27885
Cross-Site Scripting XSS vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of th...
WSO API Manager Cross-Site Scripting Vulnerability
WSO2 API Manager is a suite of API lifecycle management solutions from WSO2, Inc. A cross-site scripting vulnerability exists in WSO2 API Manager version 3.1.0 and earlier versions, which originates from the failure to filter user input in the owner POST parameter of the administration interface ...
CVE-2020-17454
WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box...
CVE-2020-17454
WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box...
Cross site request forgery (csrf)
WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box...
CVE-2020-17454
WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box...
CVE-2020-24590
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks...
CVE-2020-24589
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection XXE attacks...