Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wso2 vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2019-15108
An issue exists in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.
Wso2 Api Manager
405
VMScore
CVE-2016-4314
Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp.
Wso2 Carbon 4.4.5
1 EDB exploit
435
VMScore
CVE-2016-4316
Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.j...
Wso2 Carbon 4.4.5
1 EDB exploit
NA
CVE-2022-4520
A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor...
Wso2 Carbon-registry
NA
CVE-2022-4521
A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profile_menu leads to cross site scripting. It is ...
Wso2 Carbon-registry
383
VMScore
CVE-2019-10797
Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled.
Wso2 Transport-http
383
VMScore
CVE-2020-27885
Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password a...
Wso2 Api Manager 3.1.0
490
VMScore
CVE-2019-6513
An issue exists in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.
Wso2 Api Manager 2.6.0
312
VMScore
CVE-2019-6514
An issue exists in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS.
Wso2 Dashboard Server 2.0.0
445
VMScore
CVE-2019-6516
An issue exists in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation (port-scanning) and to perform requests to adjacent workstations (network-scanning), aka SSRF.
Wso2 Dashboard Server 2.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »