Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wso2 vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2016-4312
XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forg...
Wso2 Identity Server 5.1.0
1 EDB exploit
490
VMScore
CVE-2019-6513
An issue exists in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.
Wso2 Api Manager 2.6.0
312
VMScore
CVE-2019-6514
An issue exists in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS.
Wso2 Dashboard Server 2.0.0
445
VMScore
CVE-2019-6516
An issue exists in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation (port-scanning) and to perform requests to adjacent workstations (network-scanning), aka SSRF.
Wso2 Dashboard Server 2.0.0
312
VMScore
CVE-2019-20434
An issue exists in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console.
Wso2 Api Manager 2.6.0
312
VMScore
CVE-2019-20435
An issue exists in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter.
Wso2 Api Manager 2.6.0
312
VMScore
CVE-2019-20438
An issue exists in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher.
Wso2 Api Manager 2.6.0
312
VMScore
CVE-2019-20440
An issue exists in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher.
Wso2 Api Manager 2.6.0
312
VMScore
CVE-2019-20441
An issue exists in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher.
Wso2 Api Manager 2.6.0
685
VMScore
CVE-2016-4311
Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote malicious users to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request.
Wso2 Identity Server 5.1.0
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »