6.1
CVE-2020-24704
- EPSS 0.19%
- Published 27.08.2020 16:15:11
- Last modified 21.11.2024 05:15:52
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1.
Data is provided by the National Vulnerability Database (NVD)
Wso2 ≫ Api Manager Version2.2.0
Wso2 ≫ Api Manager Analytics Version2.2.0
Wso2 ≫ Api Microgateway Version2.2.0
Wso2 ≫ Data Analytics Server Version3.2.0
Wso2 ≫ Enterprise Integrator Version <= 6.6.0
Wso2 ≫ Identity Server Version5.5.0
Wso2 ≫ Identity Server Version5.8.0
Wso2 ≫ Identity Server Analytics Version5.5.0
Wso2 ≫ Identity Server As Key Manager Version5.5.0
Wso2 ≫ Iot Server Version3.3.0
Wso2 ≫ Iot Server Version3.3.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.408 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
| cve@mitre.org | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.