EUVD-2024-55547

The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site...

CVE-2024-4867

The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site...

CVE-2024-10242

The CVE-2024-10242 entry describes a reflected cross-site scripting vulnerability in the authentication endpoint of WSO2 API Manager. The flaw stems from inadequate validation of user-supplied input that is reflected in the response, enabling an attacker to inject script payloads that execute in ...

CVE-2024-4867

The CVE-2024-4867 entry describes a cross-site scripting (XSS) vulnerability in the WSO2 API Manager developer portal. User-supplied input is not properly validated or output-encoded, enabling injection of script content executed in the user’s browser. Exploitation can cause the UI to redirect to...

CVE-2024-4867 Cross-Site Scripting via Developer Portal in WSO2 API Manager Enables UI Modification and Information Retrieval

The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site...

CVE-2024-4867 Cross-Site Scripting via Developer Portal in WSO2 API Manager Enables UI Modification and Information Retrieval

The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site...

WSO2 API Manager 安全漏洞

The WSO2 API Manager is a set of API lifecycle management solutions provided by the American company WSO2. There is a security vulnerability present in the WSO2 API Manager developer portal. This vulnerability stems from the lack of enforceable validation constraints on user inputs and output...

PT-2026-33303

The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site...

WSO2多款产品 安全漏洞

WSO2 API Manager, among others, are products of the American company WSO2. The WSO2 API Manager is a suite of API lifecycle management solutions. The WSO2 API Control Plane is a control panel. The WSO2 Traffic Manager is a component designed to regulate and manage API traffic. Several WSO2 produc...

CVE-2019-20443

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting XSS vulnerability in mediaType has been identified in the registry UI...

CVE-2019-20439

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting XSS vulnerability has been identified in defining a scope in the "manage the API" page of the API Publisher...

CVE-2019-20440

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting XSS vulnerability has been identified in the update API documentation feature of the API Publisher...

CVE-2019-20435

An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter...

CVE-2019-20438

An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting XSS vulnerability has been identified in the inline API documentation editor page of the API Publisher...

CVE-2019-20434

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting XSS vulnerability has been identified in the Datasource creation page of the Management Console...

CVE-2019-20437

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as t...

WSO2 API Manager 安全漏洞

WSO2 API Manager is a suite of API lifecycle management solutions from US-based WSO2. A security vulnerability exists in WSO2 API Manager that stems from the Try-It feature not properly validating user-supplied URLs, which could lead to server-side request forgery and reflective cross-site...

CVE-2025-9152

An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration DCR endpoint. A malicious user can exploit this flaw to generate access tokens with elevated privileges,...

PT-2025-42462

Name of the Vulnerable Software and Affected Versions WSO2 API Manager affected versions not specified Description A flaw exists due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration DCR endpoint. This can allow a malicious user to generat...

EUVD-2020-17307

Malware in sbrugna...