Vulnerabilities > Wso2

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-23	CVE-2023-31664	Cross-site Scripting vulnerability in Wso2 API Manager A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter. network low complexity wso2 CWE-79	6.1
2022-12-15	CVE-2022-4521	Cross-site Scripting vulnerability in Wso2 Carbon-Registry A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. network low complexity wso2 CWE-79	6.1
2022-05-11	CVE-2021-42646	XXE vulnerability in Wso2 products XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0. network low complexity wso2 CWE-611 critical	9.1
2022-04-21	CVE-2022-29548	Cross-site Scripting vulnerability in Wso2 products A reflected XSS issue exists in the Management Console of several WSO2 products. network low complexity wso2 CWE-79	6.1
2022-04-18	CVE-2022-29464	Unrestricted Upload of File with Dangerous Type vulnerability in Wso2 products Certain WSO2 products allow unrestricted file upload with resultant remote code execution. network low complexity wso2 CWE-434 critical	10.0
2021-12-07	CVE-2021-36760	Cross-site Scripting vulnerability in Wso2 products In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. network wso2 CWE-79	4.3
2021-04-05	CVE-2020-17453	Cross-site Scripting vulnerability in Wso2 products WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter. network wso2 CWE-79	4.3
2020-10-29	CVE-2020-27885	Cross-site Scripting vulnerability in Wso2 API Manager 3.1.0 Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. network wso2 CWE-79	4.3
2020-10-29	CVE-2020-25516	Cross-site Scripting vulnerability in Wso2 Enterprise Integrator 6.4.0/6.5.0/6.6.0 WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks. network wso2 CWE-79	3.5
2020-10-21	CVE-2020-17454	Cross-site Scripting vulnerability in Wso2 API Manager WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. network wso2 CWE-79	4.3

Vulnerabilities > Wso2 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Wso2"}]}

Vulnerabilities > Wso2