Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Api_manager
(Wso2)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 41 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-28 | CVE-2019-20435 | An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter. | Api_manager | 4.8 | ||
| 2020-01-28 | CVE-2019-20437 | An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as the provisioning claim in the advanced claim configuration of the same Identity Provider. The attacker also needs to have privileges to log in to the management console, and to add and update identity... | Api_manager, Identity_server | 6.1 | ||
| 2020-01-28 | CVE-2019-20439 | An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of the API Publisher. | Api_manager | 4.8 | ||
| 2020-01-28 | CVE-2019-20442 | An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI. | Api_manager, Enterprise_integrator, Identity_server | 4.8 | ||
| 2020-01-28 | CVE-2019-20443 | An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI. | Api_manager, Enterprise_integrator, Identity_server | 4.8 | ||
| 2020-01-28 | CVE-2019-20441 | An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher. | Api_manager | 4.8 | ||
| 2020-01-28 | CVE-2019-20440 | An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher. | Api_manager | 4.8 | ||
| 2020-01-28 | CVE-2019-20438 | An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher. | Api_manager | 4.8 | ||
| 2017-09-21 | CVE-2017-14651 | WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. | Api_manager, App_manager, Application_server, Business_process_server, Business_rules_server, Complex_event_processor, Dashboard_server, Data_analytics_server, Data_services_server, Enterprise_integrator, Enterprise_mobility_manager, Governance_registry, Identity_server, Iot_server, Machine_learner, Message_broker, Storage_server | 4.8 | ||
| 2019-03-21 | CVE-2018-20737 | An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product. | Api_manager, Identity_server, Identity_server_as_key_manager | 5.4 |