Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wso2 enterprise integrator vulnerabilities and exploits
(subscribe to this query)
490
VMScore
CVE-2020-24591
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager up to and including 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics...
Wso2 Api Manager
Wso2 Api Manager Analytics 2.2.0
Wso2 Api Manager Analytics 2.5.0
Wso2 Api Microgateway 2.2.0
Wso2 Enterprise Integrator 6.2.0
Wso2 Enterprise Integrator 6.3.0
Wso2 Identity Server Analytics
312
VMScore
CVE-2020-25516
WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks.
Wso2 Enterprise Integrator
578
VMScore
CVE-2020-11885
WSO2 Enterprise Integrator up to and including 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file.
Wso2 Enterprise Integrator
NA
CVE-2023-6911
Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.
Wso2 Api Manager 2.6.0
Wso2 Api Manager 3.0.0
Wso2 Api Manager 2.2.0
Wso2 Api Manager 3.1.0
Wso2 Api Manager 3.2.0
Wso2 Api Manager 2.5.0
Wso2 Api Manager Analytics 2.2.0
Wso2 Api Manager Analytics 2.5.0
Wso2 Api Microgateway 2.2.0
Wso2 Data Analytics Server 3.2.0
Wso2 Enterprise Integrator 6.1.1
Wso2 Enterprise Integrator 6.5.0
Wso2 Enterprise Integrator 6.2.0
Wso2 Enterprise Integrator 6.3.0
Wso2 Enterprise Integrator 6.4.0
Wso2 Enterprise Integrator 6.6.0
Wso2 Enterprise Integrator 6.1.0
Wso2 Identity Server As Key Manager 5.7.0
Wso2 Identity Server As Key Manager 5.5.0
Wso2 Identity Server As Key Manager 5.6.0
Wso2 Identity Server As Key Manager 5.9.0
Wso2 Identity Server As Key Manager 5.10.0
NA
CVE-2022-39809
An issue exists in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/mediation_secure_vault/properties/ajaxprocessor.jsp via the name parameter. Session hijacking or similar attacks w...
Wso2 Enterprise Integrator 6.4.0
NA
CVE-2022-39810
An issue exists in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/ndatasource/validateconnection/ajaxprocessor.jsp via the driver parameter. Session hijacking or similar attacks wo...
Wso2 Enterprise Integrator 6.4.0
383
VMScore
CVE-2019-19587
In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console.
Wso2 Enterprise Integrator 6.5.0
383
VMScore
CVE-2022-29548
A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator...
Wso2 Api Manager 2.6.0
Wso2 Identity Server 5.7.0
Wso2 Identity Server As Key Manager 5.7.0
Wso2 Enterprise Integrator 6.5.0
Wso2 Api Microgateway 2.2.0
Wso2 Api Manager 3.0.0
Wso2 Enterprise Integrator 6.2.0
Wso2 Enterprise Integrator 6.3.0
Wso2 Api Manager Analytics 2.2.0
Wso2 Api Manager Analytics 2.5.0
Wso2 Identity Server 5.5.0
Wso2 Identity Server Analytics 5.5.0
Wso2 Data Analytics Server 3.2.0
Wso2 Identity Server As Key Manager 5.5.0
Wso2 Api Manager 2.2.0
Wso2 Api Manager 3.1.0
Wso2 Micro Integrator 1.0.0
Wso2 Identity Server Analytics 5.6.0
Wso2 Identity Server As Key Manager 5.6.0
Wso2 Identity Server As Key Manager 5.9.0
Wso2 Identity Server As Key Manager 5.10.0
Wso2 Api Manager Analytics 2.6.0
1 Github repository
312
VMScore
CVE-2019-20442
An issue exists in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI.
Wso2 Api Manager 2.6.0
Wso2 Enterprise Integrator 6.5.0
Wso2 Identity Server 5.7.0
Wso2 Identity Server 5.8.0
312
VMScore
CVE-2019-20443
An issue exists in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI.
Wso2 Api Manager 2.6.0
Wso2 Enterprise Integrator 6.5.0
Wso2 Identity Server 5.7.0
Wso2 Identity Server 5.8.0
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »