Lucene search
K

178 matches found

Positive Technologies
Positive Technologies
added 2020/01/27 12:0 a.m.9 views

PT-2020-10447 · Wso2 · Wso2 Identity Server +2

Name of the Vulnerable Software and Affected Versions: WSO2 API Manager version 2.6.0 WSO2 IS as Key Manager version 5.7.0 WSO2 Identity Server version 5.8.0 Description: An issue was discovered where if a claim dialect is configured with an XSS payload in the dialect URI, and a user adds this...

6.1CVSS5.9AI score0.01373EPSS
Exploits1References6
OSV
OSV
added 2019/05/21 10:29 p.m.21 views

CVE-2019-6513

An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one...

5.4CVSS6.7AI score0.01369EPSS
Exploits0References3
NVD
NVD
added 2019/05/21 10:29 p.m.27 views

CVE-2019-6513

An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one...

5.5CVSS5.5AI score0.01369EPSS
Exploits0References3
Prion
Prion
added 2019/05/21 10:29 p.m.11 views

Design/Logic Flaw

An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one...

5.5CVSS5.5AI score0.01369EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/05/21 9:34 p.m.27 views

CVE-2019-6513

An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one...

5.5AI score0.01369EPSS
Exploits0References3
Prion
Prion
added 2019/05/14 3:29 p.m.11 views

Code injection

An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user...

5CVSS5.4AI score0.0154EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/05/14 3:29 p.m.20 views

CVE-2019-6512

An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation SSRF port-scanning, other adjacent workstations SSRF network scanning, or to enumerate files because of the existence of the file:// wrapper...

4.1CVSS4.5AI score0.01116EPSS
Exploits0References3
NVD
NVD
added 2019/05/14 3:29 p.m.22 views

CVE-2019-6515

An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user...

5.3CVSS5.4AI score0.0154EPSS
Exploits0References3
OSV
OSV
added 2019/05/14 3:29 p.m.15 views

CVE-2019-6512

An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation SSRF port-scanning, other adjacent workstations SSRF network scanning, or to enumerate files because of the existence of the file:// wrapper...

4.1CVSS6.8AI score0.01116EPSS
Exploits0References3
CVE
CVE
added 2019/05/14 2:44 p.m.66 views

CVE-2019-6515

Technical details (affected products, components, impact, remediation) are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.3AI score0.0154EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/05/14 2:24 p.m.25 views

CVE-2019-6512

An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation SSRF port-scanning, other adjacent workstations SSRF network scanning, or to enumerate files because of the existence of the file:// wrapper...

4.5AI score0.01116EPSS
Exploits0References3
NVD
NVD
added 2019/03/21 4:0 p.m.21 views

CVE-2018-20736

An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product...

5.4CVSS5.3AI score0.00977EPSS
Exploits0References3
OSV
OSV
added 2019/03/21 4:0 p.m.20 views

CVE-2018-20737

An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product...

5.4CVSS6AI score0.00985EPSS
Exploits0References3
Prion
Prion
added 2019/03/21 4:0 p.m.13 views

Cross site scripting

An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product...

3.5CVSS5.2AI score0.00985EPSS
Exploits0References3Affected Software3
Prion
Prion
added 2019/03/21 4:0 p.m.15 views

Design/Logic Flaw

An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product...

3.5CVSS5.2AI score0.00977EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/03/18 8:21 p.m.31 views

CVE-2018-20736

CVE-2018-20736 affects WSO2 API Manager 2.1.0 and 2.6.0. The issue is a DOM-based XSS in the store component. Connected sources do not provide exploitation details. The NVD entry lists CVSSv3 base score 5.4 (Medium) and network attack with user interaction required. Patches/mitigations are refere...

5.4CVSS5.2AI score0.00977EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/03/18 8:16 p.m.18 views

CVE-2018-20737

An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product...

5.3AI score0.00985EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2016/10/10 12:0 a.m.15 views

WSO2 Carbon Products Detection (HTTP)

HTTP based detection of WSO2 Carbon products. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

7AI score
Exploits0References1
Rows per page
Query Builder