Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wso2 vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2016-4314
Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp.
Wso2 Carbon 4.4.5
1 EDB exploit
5.7
CVSSv3
CVE-2016-4315
Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote malicious users to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp.
Wso2 Carbon 4.4.5
1 EDB exploit
6.1
CVSSv3
CVE-2016-4316
Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.j...
Wso2 Carbon 4.4.5
1 EDB exploit
5.4
CVSSv3
CVE-2020-25516
WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks.
Wso2 Enterprise Integrator
4.8
CVSSv3
CVE-2019-15108
An issue exists in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.
Wso2 Api Manager
6.1
CVSSv3
CVE-2023-31664
A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager prior to 4.2.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter.
Wso2 Api Manager
1 Github repository
4.8
CVSSv3
CVE-2019-20441
An issue exists in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher.
Wso2 Api Manager 2.6.0
6.1
CVSSv3
CVE-2019-19587
In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console.
Wso2 Enterprise Integrator 6.5.0
4.8
CVSSv3
CVE-2019-6514
An issue exists in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS.
Wso2 Dashboard Server 2.0.0
5.3
CVSSv3
CVE-2019-6515
An issue exists in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user.
Wso2 Api Manager 2.6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »