178 matches found
PT-2020-10447 · Wso2 · Wso2 Identity Server +2
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager version 2.6.0 WSO2 IS as Key Manager version 5.7.0 WSO2 Identity Server version 5.8.0 Description: An issue was discovered where if a claim dialect is configured with an XSS payload in the dialect URI, and a user adds this...
CVE-2019-6513
An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one...
CVE-2019-6513
An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one...
Design/Logic Flaw
An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one...
CVE-2019-6513
An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one...
Code injection
An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user...
CVE-2019-6512
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation SSRF port-scanning, other adjacent workstations SSRF network scanning, or to enumerate files because of the existence of the file:// wrapper...
CVE-2019-6515
An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user...
CVE-2019-6512
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation SSRF port-scanning, other adjacent workstations SSRF network scanning, or to enumerate files because of the existence of the file:// wrapper...
CVE-2019-6515
Technical details (affected products, components, impact, remediation) are not publicly available in the provided documents. Monitor for updates.
CVE-2019-6512
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation SSRF port-scanning, other adjacent workstations SSRF network scanning, or to enumerate files because of the existence of the file:// wrapper...
CVE-2018-20736
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product...
CVE-2018-20737
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product...
Cross site scripting
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product...
Design/Logic Flaw
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product...
CVE-2018-20736
CVE-2018-20736 affects WSO2 API Manager 2.1.0 and 2.6.0. The issue is a DOM-based XSS in the store component. Connected sources do not provide exploitation details. The NVD entry lists CVSSv3 base score 5.4 (Medium) and network attack with user interaction required. Patches/mitigations are refere...
CVE-2018-20737
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product...
WSO2 Carbon Products Detection (HTTP)
HTTP based detection of WSO2 Carbon products. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...