44 matches found
CVE-2025-9955
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details tha...
CVE-2025-9955 Improper Access Control in WSO2 Enterprise Integrator Product via SOAP Admin Services for Logs and User-Store Configuration
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details tha...
WSO2 Enterprise Integrator 安全漏洞
WSO2 Enterprise Integrator is an open source hybrid integration platform from WSO2, Inc. in the United States. The platform supports communication between multiple applications. A security vulnerability exists in WSO2 Enterprise Integrator that stems from insufficient privilege restrictions in th...
EUVD-2020-4224
Malware in sbrugna...
EUVD-2019-10990
Malware in sbrugna...
EUVD-2019-9204
Malware in sbrugna...
EUVD-2020-18201
Malware in sbrugna...
EUVD-2022-42254
Malicious code in bioql PyPI...
EUVD-2024-16188
Malicious code in bioql PyPI...
EUVD-2022-42255
Malicious code in bioql PyPI...
WSO2多款产品 安全漏洞
WSO2 API Manager and others are products of WSO2, Inc. of the U.S. WSO2 API Manager is a suite of API lifecycle management solutions.WSO2 Identity Server IS is an identity server.WSO2 Enterprise Integrator is a suite of open-source hybrid integration platforms.WSO2 Enterprise Integrator is a suit...
CVE-2022-39809
An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting XSS vulnerability has been identified in the Management Console under /carbon/mediationsecurevault/properties/ajaxprocessor.jsp via the name parameter. Session hijacking or similar attacks would not be...
CVE-2022-39810
An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting XSS vulnerability has been identified in the Management Console under /carbon/ndatasource/validateconnection/ajaxprocessor.jsp via the driver parameter. Session hijacking or similar attacks would not be...
CVE-2020-25516
WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting XSS vulnerability in BPMN explorer tasks...
CVE-2020-11885
WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user with admin console access can use the XML validator to make unintended network invocations such as SSRF via an uploaded file...
CVE-2019-19587
In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console...
CVE-2024-0392
A Cross-Site Request Forgery CSRF vulnerability exists in the management console of WSO2 Enterprise Integrator 6.6.0 due to the absence of CSRF token validation. This flaw allows attackers to craft malicious requests that can trigger state-changing operations on behalf of an authenticated user,...
CVE-2024-0392
A Cross-Site Request Forgery CSRF vulnerability exists in the management console of WSO2 Enterprise Integrator 6.6.0 due to the absence of CSRF token validation. This flaw allows attackers to craft malicious requests that can trigger state-changing operations on behalf of an authenticated user,...
CVE-2024-0392 Cross-Site Request Forgery (CSRF) in WSO2 Enterprise Integrator 6.6.0 Management Console Due to Missing CSRF Token Validation
A Cross-Site Request Forgery CSRF vulnerability exists in the management console of WSO2 Enterprise Integrator 6.6.0 due to the absence of CSRF token validation. This flaw allows attackers to craft malicious requests that can trigger state-changing operations on behalf of an authenticated user,...
CVE-2024-0392 Cross-Site Request Forgery (CSRF) in WSO2 Enterprise Integrator 6.6.0 Management Console Due to Missing CSRF Token Validation
A Cross-Site Request Forgery CSRF vulnerability exists in the management console of WSO2 Enterprise Integrator 6.6.0 due to the absence of CSRF token validation. This flaw allows attackers to craft malicious requests that can trigger state-changing operations on behalf of an authenticated user,...