11 matches found
CVE-2022-29548
CVE-2022-29548 is a reflected Cross-Site Scripting (XSS) vulnerability in the WSO2 Management Console affecting API Manager and related products (e.g., API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0–3.2.0, 4.0.0; API Manager Analytics; API Microgateway; Data Analytics Server; Enterprise Integrator; IS as...
CVE-2020-12719
CVE-2020-12719 describes an XXE condition that can occur during an EventPublisher update in the Management Console of several WSO2 products. Affected products and versions include WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integ...
CVE-2020-17453
WSO2 Carbon Management Console
CVE-2020-24591
The CVE concerns an XML External Entity (XXE) vulnerability in the Management Console of several WSO2 products during EventReceiver updates. Affected are API Manager up to 3.0.0; API Manager Analytics 2.2.0 and 2.5.0; API Microgateway 2.2.0; Enterprise Integrator 6.2.0 and 6.3.0; and Identity Ser...
CVE-2023-6911
CVE-2023-6911 affects WSO2 products, with the root cause described as improper output encoding in the Registry feature of the Management Console, enabling a Stored Cross Site Scripting (XSS) payload injection. The issue is documented across multiple sources (including Red Hat, Veracode, GHSA/osv ...
CVE-2023-6836
CVE-2023-6836 refers to an XML External Entity (XXE) vulnerability affecting multiple WSO2 products (notably WSO2 API Manager). The underlying issue is an XML parser feature that can be abused to access sensitive information. The CVSS data in the initial document shows a high impact with network ...
CVE-2020-24705
CVE-2020-24705 describes a session hijacking vulnerability in several WSO2 products where a valid Carbon Management Console session cookie can be sent to an attacker-controlled server after a crafted Try It request. Affected are WSO2 API Manager (through 3.1.0), API Manager Analytics (2.5.0), IS ...
CVE-2020-24703
CVE-2020-24703 affects multiple WSO2 products: API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0–...
CVE-2020-24704
CVE-2020-24704 is a reflected XSS vulnerability affecting multiple WSO2 products (API Manager, API Manager Analytics, API Microgateway, Data Analytics Server, Enterprise Integrator, IS as Key Manager, Identity Server/Analytics, and IoT Server) with versions listed in the Initial description. The ...
CVE-2020-24706
WSO2 advisory CVE-2020-24706 affects API Manager (through 3.1.0), API Manager Analytics (2.5.0), IS as Key Manager (through 5.10.0), Identity Server (through 5.10.0), Identity Server Analytics (through 5.6.0), and IoT Server (3.1.0). Root cause: Try It tool allows Reflected XSS. Impact: potential...
CVE-2025-9804
The CVE-2025-9804 entry concerns multiple WSO2 products (e.g., API Manager family) with an improper access-control flaw due to insufficient permission enforcement in internal SOAP Admin Services and System REST APIs. The root cause is limited access-control checks on internal interfaces, allowing...