Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api manager vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-17454
WSO2 API Manager 3.1.0 and previous versions has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in pla...
Wso2 Api Manager
3.5
CVSSv2
CVE-2019-15108
An issue exists in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.
Wso2 Api Manager
NA
CVE-2023-31664
A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager prior to 4.2.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter.
Wso2 Api Manager
1 Github repository
4
CVSSv2
CVE-2019-6512
An issue exists in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper.
Wso2 Api Manager 2.6.0
5.5
CVSSv2
CVE-2019-6513
An issue exists in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.
Wso2 Api Manager 2.6.0
5
CVSSv2
CVE-2019-6515
An issue exists in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user.
Wso2 Api Manager 2.6.0
3.5
CVSSv2
CVE-2018-20736
An issue exists in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product.
Wso2 Api Manager 2.6.0
3.5
CVSSv2
CVE-2019-20435
An issue exists in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter.
Wso2 Api Manager 2.6.0
3.5
CVSSv2
CVE-2019-20438
An issue exists in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher.
Wso2 Api Manager 2.6.0
3.5
CVSSv2
CVE-2019-20439
An issue exists in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of the API Publisher.
Wso2 Api Manager 2.6.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »