Api Manager@2.6.0 Security Vulnerabilities and Issues — Api Manager@2.6.0 CVE List

Lucene search

Wso2Api Manager2.6.0

19 matches found

CVE•added 2022/05/11 6:15 p.m.•1594 views

CVE-2021-42646

XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0. All...

9.1CVSS9AI score0.01274EPSS

CVE•added 2022/04/21 2:15 a.m.•710 views

CVE-2022-29548

A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4....

6.1CVSS5.8AI score0.79277EPSS

CVE•added 2020/01/28 1:15 a.m.•68 views

CVE-2019-20439

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of the API Publisher.

4.8CVSS4.9AI score0.00459EPSS

CVE•added 2020/01/28 1:15 a.m.•65 views

CVE-2019-20434

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console.

4.8CVSS4.9AI score0.00599EPSS

CVE•added 2020/01/28 12:15 a.m.•62 views

CVE-2019-20442

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI.

4.8CVSS4.8AI score0.00481EPSS

CVE•added 2020/01/28 1:15 a.m.•61 views

CVE-2019-20436

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect's URI and adds it as the service provider claim dialect while configuring ...

6.1CVSS5.9AI score0.00892EPSS

CVE•added 2020/01/28 1:15 a.m.•60 views

CVE-2019-20435

An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter.

4.8CVSS4.8AI score0.00599EPSS

CVE•added 2020/01/28 1:15 a.m.•60 views

CVE-2019-20437

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as the...

6.1CVSS5.9AI score0.01101EPSS

CVE•added 2020/01/28 12:15 a.m.•60 views

CVE-2019-20443

4.8CVSS4.8AI score0.00517EPSS

CVE•added 2020/01/28 12:15 a.m.•57 views

CVE-2019-20441

An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher.

4.8CVSS4.8AI score0.00517EPSS

CVE•added 2020/01/28 1:15 a.m.•54 views

CVE-2019-20438

An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher.

4.8CVSS4.8AI score0.00517EPSS

CVE•added 2023/12/18 9:15 a.m.•53 views

CVE-2023-6911

Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.

4.8CVSS5AI score0.00347EPSS

CVE•added 2020/01/28 12:15 a.m.•52 views

CVE-2019-20440

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher.

4.8CVSS4.9AI score0.00517EPSS

CVE•added 2019/05/14 3:29 p.m.•51 views

CVE-2019-6515

An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user.

5.3CVSS5.3AI score0.0072EPSS

CVE•added 2019/05/21 10:29 p.m.•38 views

CVE-2019-6513

An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.

5.5CVSS5.4AI score0.00326EPSS

CVE•added 2023/12/15 10:15 a.m.•36 views

CVE-2023-6835

Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.

5.3CVSS5.3AI score0.00246EPSS

CVE•added 2019/05/14 3:29 p.m.•35 views

CVE-2019-6512

An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper.

4.1CVSS4.4AI score0.00224EPSS

CVE•added 2019/03/21 4:0 p.m.•30 views

CVE-2018-20737

An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product.

5.4CVSS5.2AI score0.00324EPSS

CVE•added 2019/03/21 4:0 p.m.•18 views

CVE-2018-20736

An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product.

5.4CVSS5.2AI score0.00318EPSS