Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api manager vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-6838
Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests.
Wso2 Api Manager 3.1.0
Wso2 Api Manager 3.2.0
Wso2 Identity Server As Key Manager 5.10.0
Wso2 Identity Server 5.10.0
6.1
CVSSv3
CVE-2023-31664
A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager prior to 4.2.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter.
Wso2 Api Manager
1 Github repository
4.8
CVSSv3
CVE-2019-15108
An issue exists in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.
Wso2 Api Manager
6.1
CVSSv3
CVE-2020-17454
WSO2 API Manager 3.1.0 and previous versions has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in pla...
Wso2 Api Manager
4.8
CVSSv3
CVE-2019-20438
An issue exists in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher.
Wso2 Api Manager 2.6.0
4.8
CVSSv3
CVE-2019-20439
An issue exists in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of the API Publisher.
Wso2 Api Manager 2.6.0
4.8
CVSSv3
CVE-2019-20440
An issue exists in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher.
Wso2 Api Manager 2.6.0
4.8
CVSSv3
CVE-2019-20441
An issue exists in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher.
Wso2 Api Manager 2.6.0
6.1
CVSSv3
CVE-2020-27885
Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password a...
Wso2 Api Manager 3.1.0
5.4
CVSSv3
CVE-2018-20736
An issue exists in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product.
Wso2 Api Manager 2.6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »