5 matches found
CVE-2022-29548
CVE-2022-29548 is a reflected Cross-Site Scripting (XSS) vulnerability in the WSO2 Management Console affecting API Manager and related products (e.g., API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0–3.2.0, 4.0.0; API Manager Analytics; API Microgateway; Data Analytics Server; Enterprise Integrator; IS as...
CVE-2020-17453
WSO2 Carbon Management Console
CVE-2023-6836
CVE-2023-6836 refers to an XML External Entity (XXE) vulnerability affecting multiple WSO2 products (notably WSO2 API Manager). The underlying issue is an XML parser feature that can be abused to access sensitive information. The CVSS data in the initial document shows a high impact with network ...
CVE-2025-11093
An Arbitrary Code Execution vulnerability (CVE-2025-11093) affects multiple WSO2 products due to insufficient restrictions in GraalJS and NashornJS Script Mediator engines. The issue can be triggered by authenticated users with elevated privileges, potentially executing code within the integratio...
CVE-2024-4598
CVE-2024-4598 concerns information disclosure in multiple WSO2 products caused by an improper implementation of the enrich mediator. Authenticated users may see unintended business data from other mediation contexts because the internal state is not properly isolated or cleared between executions...