11 matches found
CVE-2022-29548
CVE-2022-29548 is a reflected Cross-Site Scripting (XSS) vulnerability in the WSO2 Management Console affecting API Manager and related products (e.g., API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0–3.2.0, 4.0.0; API Manager Analytics; API Microgateway; Data Analytics Server; Enterprise Integrator; IS as...
CVE-2020-24590
The CVE-2020-24590 entry affects the WSO2 API Manager Management Console (versions up to 3.1.0) and API Microgateway (2.2.0). It stems from XML Entity Expansion/XEE in the XML processing path, enabling attackers to cause denial of service or crash the system, with examples indicating unauthentica...
CVE-2020-13883
CVE-2020-13883 affects WSO2 product family: WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier. The vulnerability is an XML External Entity (XXE) flaw in the Management Console during the addition or update of a Lifecycle. Connected sourc...
CVE-2020-12719
CVE-2020-12719 describes an XXE condition that can occur during an EventPublisher update in the Management Console of several WSO2 products. Affected products and versions include WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integ...
CVE-2020-17453
WSO2 Carbon Management Console
CVE-2020-24589
CVE-2020-24589 affects WSO2 API Manager up to 3.1.0 and API Microgateway 2.2.0 with XML External Entity (XXE) injection in the Management Console. The vulnerability arises from improper XML parsing, potentially allowing access to server files and interaction with backend systems. In practice, CVE...
CVE-2020-24591
The CVE concerns an XML External Entity (XXE) vulnerability in the Management Console of several WSO2 products during EventReceiver updates. Affected are API Manager up to 3.0.0; API Manager Analytics 2.2.0 and 2.5.0; API Microgateway 2.2.0; Enterprise Integrator 6.2.0 and 6.3.0; and Identity Ser...
CVE-2023-6911
CVE-2023-6911 affects WSO2 products, with the root cause described as improper output encoding in the Registry feature of the Management Console, enabling a Stored Cross Site Scripting (XSS) payload injection. The issue is documented across multiple sources (including Red Hat, Veracode, GHSA/osv ...
CVE-2023-6836
CVE-2023-6836 refers to an XML External Entity (XXE) vulnerability affecting multiple WSO2 products (notably WSO2 API Manager). The underlying issue is an XML parser feature that can be abused to access sensitive information. The CVSS data in the initial document shows a high impact with network ...
CVE-2020-24703
CVE-2020-24703 affects multiple WSO2 products: API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0–...
CVE-2020-24704
CVE-2020-24704 is a reflected XSS vulnerability affecting multiple WSO2 products (API Manager, API Manager Analytics, API Microgateway, Data Analytics Server, Enterprise Integrator, IS as Key Manager, Identity Server/Analytics, and IoT Server) with versions listed in the Initial description. The ...