Vulnerabilities > Wso2 > API Manager > 2.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-6911 | Cross-site Scripting vulnerability in Wso2 products Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console. | 4.8 |
| 2023-12-15 | CVE-2023-6835 | Improper Input Validation vulnerability in Wso2 API Manager and IOT Server Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated. | 5.3 |
| 2023-12-15 | CVE-2023-6836 | XXE vulnerability in Wso2 products Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information. | 7.5 |
| 2023-05-23 | CVE-2023-31664 | Cross-site Scripting vulnerability in Wso2 API Manager A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter. | 6.1 |
| 2022-04-21 | CVE-2022-29548 | Cross-site Scripting vulnerability in Wso2 products A reflected XSS issue exists in the Management Console of several WSO2 products. | 6.1 |
| 2022-04-18 | CVE-2022-29464 | Path Traversal vulnerability in Wso2 products Certain WSO2 products allow unrestricted file upload with resultant remote code execution. | 9.8 |
| 2021-04-05 | CVE-2020-17453 | Cross-site Scripting vulnerability in Wso2 products WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter. | 6.1 |
| 2020-10-21 | CVE-2020-17454 | Cross-site Scripting vulnerability in Wso2 API Manager WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. | 6.1 |
| 2020-08-27 | CVE-2020-24706 | Cross-site Scripting vulnerability in Wso2 products An issue was discovered in certain WSO2 products. | 6.1 |
| 2020-08-27 | CVE-2020-24705 | Unspecified vulnerability in Wso2 products An issue was discovered in certain WSO2 products. | 8.8 |