CVE-2019-15108
- EPSS 0.31%
- Published 16.08.2019 04:15:10
- Last modified 21.11.2024 04:28:03
An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.
CVE-2019-6513
- EPSS 0.31%
- Published 21.05.2019 22:29:19
- Last modified 30.05.2025 16:15:24
An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.
CVE-2019-6515
- EPSS 0.72%
- Published 14.05.2019 15:29:00
- Last modified 30.05.2025 16:15:24
An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user.
CVE-2019-6512
- EPSS 0.22%
- Published 14.05.2019 15:29:00
- Last modified 30.05.2025 16:15:23
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the...
CVE-2018-20737
- EPSS 0.32%
- Published 21.03.2019 16:00:37
- Last modified 21.11.2024 04:02:04
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product.
CVE-2018-20736
- EPSS 0.32%
- Published 21.03.2019 16:00:37
- Last modified 21.11.2024 04:02:04
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product.
CVE-2017-14651
- EPSS 9.25%
- Published 21.09.2017 18:29:00
- Last modified 20.04.2025 01:37:25
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.