Lucene search
K

11 matches found

Prion
Prion
added 2022/04/21 2:15 a.m.18 views

Cross site scripting

A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0,...

4.3CVSS5.9AI score0.41078EPSS
Exploits5References3Affected Software9
OSV
OSV
added 2022/04/21 12:0 a.m.22 views

CVE-2022-29548

A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0,...

4.6CVSS5.9AI score0.41078EPSS
Exploits5References5
NVD
NVD
added 2020/08/27 4:15 p.m.31 views

CVE-2020-24706

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0...

6.1CVSS6.3AI score0.0079EPSS
Exploits0References2
OSV
OSV
added 2020/08/27 4:15 p.m.24 views

CVE-2020-24705

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key...

8.8CVSS6.7AI score
Exploits0References1
OSV
OSV
added 2020/08/27 4:15 p.m.21 views

CVE-2020-24706

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0...

6.1CVSS6.8AI score
Exploits0References2
NVD
NVD
added 2020/08/27 4:15 p.m.24 views

CVE-2020-24705

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key...

8.8CVSS8.5AI score0.0105EPSS
Exploits0References1
Prion
Prion
added 2020/08/27 4:15 p.m.23 views

Cross site scripting

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0,...

4.3CVSS6.2AI score0.00722EPSS
Exploits0References1Affected Software9
Cvelist
Cvelist
added 2020/08/27 12:0 a.m.33 views

CVE-2020-24706

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0...

6.1CVSS6.3AI score0.0079EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/08/27 12:0 a.m.33 views

CVE-2020-24704

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0,...

6.1CVSS6.3AI score0.00722EPSS
Exploits0References1
OSV
OSV
added 2020/05/08 12:15 a.m.20 views

CVE-2020-12719

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity...

7.2CVSS6.9AI score
Exploits0References1
OSV
OSV
added 2020/01/28 12:15 a.m.19 views

CVE-2019-20442

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting XSS vulnerability in roleToAuthorize has been identified in the registry UI...

4.8CVSS5.5AI score0.00729EPSS
Exploits1References3
Rows per page
Query Builder