Identity Server@5.7.0 Security Vulnerabilities and Issues — Identity Server@5.7.0 CVE List

Lucene search

Wso2Identity Server5.7.0

4 matches found

CVE•added 2020/01/28 12:15 a.m.•62 views

CVE-2019-20442

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI.

4.8CVSS4.8AI score0.00481EPSS

CVE•added 2020/01/28 1:15 a.m.•61 views

CVE-2019-20436

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect's URI and adds it as the service provider claim dialect while configuring ...

6.1CVSS5.9AI score0.00892EPSS

CVE•added 2020/01/28 1:15 a.m.•60 views

CVE-2019-20437

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as the...

6.1CVSS5.9AI score0.01101EPSS

CVE•added 2020/01/28 12:15 a.m.•60 views

CVE-2019-20443

4.8CVSS4.8AI score0.00517EPSS