17 matches found
CVE-2019-18881
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile...
EUVD-2019-8570
Malware in sbrugna...
EUVD-2020-6584
Malware in sbrugna...
CVE-2021-42646
XML External Entity XXE vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0...
Xxe
XML External Entity XXE vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0...
CVE-2020-14446
An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists...
CVE-2020-13883
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle...
Design/Logic Flaw
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as t...
CVE-2019-20442
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting XSS vulnerability in roleToAuthorize has been identified in the registry UI...
CVE-2019-20442
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting XSS vulnerability in roleToAuthorize has been identified in the registry UI...
Cross site scripting
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting XSS vulnerability in mediaType has been identified in the registry UI...
CVE-2019-20442
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting XSS vulnerability in roleToAuthorize has been identified in the registry UI...
CVE-2019-18882
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled...
CVE-2019-18881
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile...
Design/Logic Flaw
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled...
CVE-2019-18881
WSO2 Identity Server as Key Manager 5.7.0 is affected by an unauthenticated reflected XSS in the dashboard user profile (CVE-2019-18881). Exploitation details are not provided in the given documents beyond this description, and no patch/version remediation is specified here. Multiple connected so...
CVE-2019-18882
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled...