Lucene search
K

49 matches found

Github Security Blog
Github Security Blog
added 2025/11/05 6:31 p.m.8 views

WSO2 Carbon Mediation vulnerable to XML External Entity (XXE) attacks

An XML External Entity XXE vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities. A successful attack could enable a remote,...

9.1CVSS6.8AI score0.00415EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-5315

Malware in sbrugna...

5.7CVSS5.6AI score0.02827EPSS
Exploits5References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-5316

Malware in sbrugna...

6.1CVSS6.1AI score0.03998EPSS
Exploits5References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-7654

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00653EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-7634

Malicious code in bioql PyPI...

6.1CVSS4.7AI score0.00568EPSS
Exploits0References7
Snyk
Snyk
added 2025/06/23 9:41 a.m.2 views

Incorrect Authorization

Overview org.wso2.carbon:org.wso2.carbon.user.core is a component of the next-generation WSO2 Carbon platform Affected versions of this package are vulnerable to Incorrect Authorization via flawed authorization logic in the isUserAuthorized function in the file JDBCAuthorizationManager.java. An...

5.3CVSS6.9AI score0.00174EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/02 6:30 p.m.4 views

Cross-site Scripting (XSS)

Overview org.wso2.carbon.identity.framework:org.wso2.carbon.identity.user.store.configuration.ui is an User Store UI component for WSO2 Carbon Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insufficient output encoding in error messages generated by the JDBC...

6.1CVSS5.2AI score0.00452EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 12:33 a.m.12 views

CVE-2022-4520

A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the...

6.1CVSS6.2AI score0.00653EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:32 a.m.7 views

CVE-2022-4521

A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profilemenu leads to cross site scripting. It is possible to initia...

6.1CVSS6.2AI score0.00568EPSS
Exploits0References1
OSV
OSV
added 2022/12/15 9:30 p.m.30 views

GHSA-J34R-57XJ-PFM5 WSO2 carbon-registry Cross-site Scripting vulnerability

A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the...

6.1CVSS4.7AI score0.00653EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2022/12/15 9:15 p.m.5 views

CVE-2022-4521

A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profilemenu leads to cross site scripting. It is possible to initia...

6.1CVSS3.6AI score0.00568EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2022/12/15 9:15 p.m.23 views

CVE-2022-4520

A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the...

6.1CVSS0.00653EPSS
Exploits1References4
NVD
NVD
added 2022/12/15 9:15 p.m.29 views

CVE-2022-4521

A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profilemenu leads to cross site scripting. It is possible to initia...

6.1CVSS0.00568EPSS
Exploits0References4
Prion
Prion
added 2022/12/15 9:15 p.m.22 views

Cross site scripting

A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profilemenu leads to cross site scripting. It is possible to initia...

5.8CVSS6AI score0.00568EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/12/15 9:15 p.m.25 views

Cross site scripting

A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the...

5.8CVSS6AI score0.00653EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2022/12/15 12:0 a.m.33 views

CVE-2022-4521 WSO2 carbon-registry Request Parameter cross site scripting

A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profilemenu leads to cross site scripting. It is possible to initia...

3.5CVSS6.2AI score0.00568EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/12/15 12:0 a.m.8 views

PT-2022-27428 · Wso2 · Wso2 Carbon-Registry

Name of the Vulnerable Software and Affected Versions: WSO2 carbon-registry versions up to 4.8.11 Description: A vulnerability was found in the Advanced Search component of WSO2 carbon-registry, affecting some unknown functionality of the file...

6.1CVSS5.8AI score0.00653EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2022/12/15 12:0 a.m.7 views

CVE-2022-4520 WSO2 carbon-registry Advanced Search advancedSearchForm-ajaxprocessor.jsp cross site scripting

A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the...

3.5CVSS6.2AI score0.00653EPSS
Exploits1References4
OSV
OSV
added 2022/12/15 12:0 a.m.12 views

CVE-2022-4521 WSO2 carbon-registry Request Parameter cross site scripting

A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profilemenu leads to cross site scripting. It is possible to initia...

3.5CVSS3.9AI score0.00568EPSS
Exploits0References6
OSV
OSV
added 2022/12/15 12:0 a.m.17 views

CVE-2022-4520 WSO2 carbon-registry Advanced Search advancedSearchForm-ajaxprocessor.jsp cross site scripting

A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the...

3.5CVSS4.2AI score0.00653EPSS
Exploits1References6
Rows per page
Query Builder