49 matches found
WSO2 Carbon Mediation vulnerable to XML External Entity (XXE) attacks
An XML External Entity XXE vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities. A successful attack could enable a remote,...
EUVD-2016-5315
Malware in sbrugna...
EUVD-2016-5316
Malware in sbrugna...
EUVD-2022-7654
Malicious code in bioql PyPI...
EUVD-2022-7634
Malicious code in bioql PyPI...
Incorrect Authorization
Overview org.wso2.carbon:org.wso2.carbon.user.core is a component of the next-generation WSO2 Carbon platform Affected versions of this package are vulnerable to Incorrect Authorization via flawed authorization logic in the isUserAuthorized function in the file JDBCAuthorizationManager.java. An...
Cross-site Scripting (XSS)
Overview org.wso2.carbon.identity.framework:org.wso2.carbon.identity.user.store.configuration.ui is an User Store UI component for WSO2 Carbon Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insufficient output encoding in error messages generated by the JDBC...
CVE-2022-4520
A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the...
CVE-2022-4521
A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profilemenu leads to cross site scripting. It is possible to initia...
GHSA-J34R-57XJ-PFM5 WSO2 carbon-registry Cross-site Scripting vulnerability
A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the...
CVE-2022-4521
A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profilemenu leads to cross site scripting. It is possible to initia...
CVE-2022-4520
A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the...
CVE-2022-4521
A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profilemenu leads to cross site scripting. It is possible to initia...
Cross site scripting
A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profilemenu leads to cross site scripting. It is possible to initia...
Cross site scripting
A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the...
CVE-2022-4521 WSO2 carbon-registry Request Parameter cross site scripting
A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profilemenu leads to cross site scripting. It is possible to initia...
PT-2022-27428 · Wso2 · Wso2 Carbon-Registry
Name of the Vulnerable Software and Affected Versions: WSO2 carbon-registry versions up to 4.8.11 Description: A vulnerability was found in the Advanced Search component of WSO2 carbon-registry, affecting some unknown functionality of the file...
CVE-2022-4520 WSO2 carbon-registry Advanced Search advancedSearchForm-ajaxprocessor.jsp cross site scripting
A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the...
CVE-2022-4521 WSO2 carbon-registry Request Parameter cross site scripting
A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profilemenu leads to cross site scripting. It is possible to initia...
CVE-2022-4520 WSO2 carbon-registry Advanced Search advancedSearchForm-ajaxprocessor.jsp cross site scripting
A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the...