Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wso2 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-13226
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet.
Wso2 Api Manager 3.0.0
6.1
CVSSv3
CVE-2019-19587
In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console.
Wso2 Enterprise Integrator 6.5.0
4.8
CVSSv3
CVE-2019-20434
An issue exists in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console.
Wso2 Api Manager 2.6.0
4.8
CVSSv3
CVE-2019-20441
An issue exists in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher.
Wso2 Api Manager 2.6.0
6.1
CVSSv3
CVE-2022-39809
An issue exists in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/mediation_secure_vault/properties/ajaxprocessor.jsp via the name parameter. Session hijacking or similar attacks w...
Wso2 Enterprise Integrator 6.4.0
6.1
CVSSv3
CVE-2022-39810
An issue exists in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/ndatasource/validateconnection/ajaxprocessor.jsp via the driver parameter. Session hijacking or similar attacks wo...
Wso2 Enterprise Integrator 6.4.0
5.3
CVSSv3
CVE-2019-6515
An issue exists in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user.
Wso2 Api Manager 2.6.0
6.1
CVSSv3
CVE-2016-4327
Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO.
Wso2 Enablement Server For Java
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7