Wso2

Api Manager

57 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2019-20437

Exploit
  • EPSS 1.1%
  • Published 28.01.2020 01:15:12
  • Last modified 21.11.2024 04:38:28

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets execu...

4.8

CVE-2019-20438

Exploit
  • EPSS 0.52%
  • Published 28.01.2020 01:15:12
  • Last modified 21.11.2024 04:38:28

An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher.

4.8

CVE-2019-20439

Exploit
  • EPSS 0.46%
  • Published 28.01.2020 01:15:12
  • Last modified 21.11.2024 04:38:29

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of the API Publisher.

6.1

CVE-2019-20436

Exploit
  • EPSS 0.89%
  • Published 28.01.2020 01:15:11
  • Last modified 21.11.2024 04:38:28

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect's URI and adds it as the ...

4.8

CVE-2019-20435

Exploit
  • EPSS 0.6%
  • Published 28.01.2020 01:15:11
  • Last modified 21.11.2024 04:38:28

An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter.

4.8

CVE-2019-20434

Exploit
  • EPSS 0.6%
  • Published 28.01.2020 01:15:11
  • Last modified 21.11.2024 04:38:28

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console.

4.8

CVE-2019-20443

Exploit
  • EPSS 0.52%
  • Published 28.01.2020 00:15:10
  • Last modified 21.11.2024 04:38:29

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the reg...

4.8

CVE-2019-20442

Exploit
  • EPSS 0.48%
  • Published 28.01.2020 00:15:10
  • Last modified 21.11.2024 04:38:29

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in t...

4.8

CVE-2019-20441

Exploit
  • EPSS 0.52%
  • Published 28.01.2020 00:15:10
  • Last modified 21.11.2024 04:38:29

An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher.

4.8

CVE-2019-20440

Exploit
  • EPSS 0.52%
  • Published 28.01.2020 00:15:10
  • Last modified 21.11.2024 04:38:29

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher.