Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wso2 api manager vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2019-20437
An issue exists in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect...
Wso2 Api Manager 2.6.0
Wso2 Identity Server 5.7.0
Wso2 Identity Server 5.8.0
356
VMScore
CVE-2019-6512
An issue exists in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper.
Wso2 Api Manager 2.6.0
312
VMScore
CVE-2019-20434
An issue exists in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console.
Wso2 Api Manager 2.6.0
312
VMScore
CVE-2019-20435
An issue exists in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter.
Wso2 Api Manager 2.6.0
312
VMScore
CVE-2019-20438
An issue exists in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher.
Wso2 Api Manager 2.6.0
312
VMScore
CVE-2019-20439
An issue exists in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of the API Publisher.
Wso2 Api Manager 2.6.0
312
VMScore
CVE-2019-20442
An issue exists in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI.
Wso2 Api Manager 2.6.0
Wso2 Enterprise Integrator 6.5.0
Wso2 Identity Server 5.7.0
Wso2 Identity Server 5.8.0
312
VMScore
CVE-2019-20441
An issue exists in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher.
Wso2 Api Manager 2.6.0
312
VMScore
CVE-2019-20440
An issue exists in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher.
Wso2 Api Manager 2.6.0
312
VMScore
CVE-2019-20443
An issue exists in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI.
Wso2 Api Manager 2.6.0
Wso2 Enterprise Integrator 6.5.0
Wso2 Identity Server 5.7.0
Wso2 Identity Server 5.8.0
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »