Wso2Api Manager

12 matches found

CVE | added 2019/08/16 4:15 a.m. | 130 views

CVE-2019-15108

An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.

CVSS 4.8 | AI score 4.7 | EPSS 0.0031

CVE | added 2020/01/28 1:15 a.m. | 68 views

CVE-2019-20439

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of the API Publisher.

CVSS 4.8 | AI score 4.9 | EPSS 0.00459

CVE | added 2020/01/28 1:15 a.m. | 65 views

CVE-2019-20434

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console.

CVSS 4.8 | AI score 4.9 | EPSS 0.00599

CVE | added 2020/01/28 12:15 a.m. | 62 views

CVE-2019-20442

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI.

CVSS 4.8 | AI score 4.8 | EPSS 0.00481

CVE | added 2020/01/28 1:15 a.m. | 60 views

CVE-2019-20435

An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter.

CVSS 4.8 | AI score 4.8 | EPSS 0.00599

CVE | added 2020/01/28 12:15 a.m. | 60 views

CVE-2019-20443

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI.

CVSS 4.8 | AI score 4.8 | EPSS 0.00517

CVE | added 2020/01/28 12:15 a.m. | 57 views

CVE-2019-20441

An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher.

CVSS 4.8 | AI score 4.8 | EPSS 0.00517

CVE | added 2017/09/21 6:29 p.m. | 56 views

CVE-2017-14651

WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.

CVSS 4.8 | AI score 4.7 | EPSS 0.09251

CVE | added 2020/01/28 1:15 a.m. | 54 views

CVE-2019-20438

An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher.

CVSS 4.8 | AI score 4.8 | EPSS 0.00517

CVE | added 2023/12/18 9:15 a.m. | 53 views

CVE-2023-6911

Multiple WSO2 products have been identified as vulnerable due to improper output encoding. A Stored Cross-Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.

CVSS 4.8 | AI score 5 | EPSS 0.00347

CVE | added 2020/01/28 12:15 a.m. | 52 views

CVE-2019-20440

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher.

CVSS 4.8 | AI score 4.9 | EPSS 0.00517

CVE | added 2019/05/14 3:29 p.m. | 35 views

CVE-2019-6512

An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper.

CVSS 4.1 | AI score 4.4 | EPSS 0.00224