Lucene search

WSO2 API Manager 2.6.0

10 matches found

CVE | added 2020/01/28 1:15 a.m. | 68 views

CVE-2019-20439

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of the API Publisher.

CVSS 4.8 | AI score 4.9 | EPSS 0.00459

CVE | added 2020/01/28 1:15 a.m. | 65 views

CVE-2019-20434

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console.

CVSS 4.8 | AI score 4.9 | EPSS 0.00599

CVE | added 2020/01/28 12:15 a.m. | 62 views

CVE-2019-20442

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI.

CVSS 4.8 | AI score 4.8 | EPSS 0.00481

CVE | added 2020/01/28 1:15 a.m. | 61 views

CVE-2019-20436

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect's URI and adds it as the service provider claim dialect while configuring ...

CVSS 6.1 | AI score 5.9 | EPSS 0.00892

CVE | added 2020/01/28 1:15 a.m. | 60 views

CVE-2019-20435

An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter.

CVSS 4.8 | AI score 4.8 | EPSS 0.00599

CVE | added 2020/01/28 1:15 a.m. | 60 views

CVE-2019-20437

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as the...

CVSS 6.1 | AI score 5.9 | EPSS 0.01101

CVE | added 2020/01/28 12:15 a.m. | 60 views

CVE-2019-20443

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI.

CVSS 4.8 | AI score 4.8 | EPSS 0.00517

CVE | added 2020/01/28 12:15 a.m. | 57 views

CVE-2019-20441

An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher.

CVSS 4.8 | AI score 4.8 | EPSS 0.00517

CVE | added 2020/01/28 1:15 a.m. | 54 views

CVE-2019-20438

An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher.

CVSS 4.8 | AI score 4.8 | EPSS 0.00517

CVE | added 2020/01/28 12:15 a.m. | 52 views

CVE-2019-20440

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher.

CVSS 4.8 | AI score 4.9 | EPSS 0.00517