Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Api_manager
(Wso2)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 41 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-28 | CVE-2019-20439 | An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of the API Publisher. | Api_manager | 4.8 | ||
| 2020-08-21 | CVE-2020-24591 | The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0. | Api_manager, Api_manager_analytics, Api_microgateway, Enterprise_integrator, Identity_server_analytics | 6.5 | ||
| 2021-12-07 | CVE-2021-36760 | In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code will be executed. (recoverpassword.do also has an open redirect issue for a similar reason.) | Api_manager, Identity_server, Identity_server_as_key_manager, Iot_server | 6.1 | ||
| 2020-08-21 | CVE-2020-24589 | The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. | Api_manager, Api_microgateway | 9.1 | ||
| 2020-01-28 | CVE-2019-20442 | An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI. | Api_manager, Enterprise_integrator, Identity_server | 4.8 | ||
| 2020-01-28 | CVE-2019-20443 | An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI. | Api_manager, Enterprise_integrator, Identity_server | 4.8 | ||
| 2020-01-28 | CVE-2019-20441 | An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher. | Api_manager | 4.8 | ||
| 2020-01-28 | CVE-2019-20440 | An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher. | Api_manager | 4.8 | ||
| 2020-01-28 | CVE-2019-20438 | An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher. | Api_manager | 4.8 | ||
| 2017-09-21 | CVE-2017-14651 | WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. | Api_manager, App_manager, Application_server, Business_process_server, Business_rules_server, Complex_event_processor, Dashboard_server, Data_analytics_server, Data_services_server, Enterprise_integrator, Enterprise_mobility_manager, Governance_registry, Identity_server, Iot_server, Machine_learner, Message_broker, Storage_server | 4.8 |