Vulnerabilities > Wso2 > API Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-07 | CVE-2021-36760 | Cross-site Scripting vulnerability in Wso2 products In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. | 4.3 |
| 2021-04-05 | CVE-2020-17453 | Cross-site Scripting vulnerability in Wso2 products WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter. | 6.1 |
| 2020-10-29 | CVE-2020-27885 | Cross-site Scripting vulnerability in Wso2 API Manager 3.1.0 Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. | 4.3 |
| 2020-10-21 | CVE-2020-17454 | Cross-site Scripting vulnerability in Wso2 API Manager WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. | 4.3 |
| 2020-08-27 | CVE-2020-24706 | Cross-site Scripting vulnerability in Wso2 products An issue was discovered in certain WSO2 products. | 6.1 |
| 2020-08-27 | CVE-2020-24705 | Unspecified vulnerability in Wso2 products An issue was discovered in certain WSO2 products. | 8.8 |
| 2020-08-27 | CVE-2020-24704 | Cross-site Scripting vulnerability in Wso2 products An issue was discovered in certain WSO2 products. | 6.1 |
| 2020-08-27 | CVE-2020-24703 | Unspecified vulnerability in Wso2 products An issue was discovered in certain WSO2 products. | 8.8 |
| 2020-08-21 | CVE-2020-24591 | XXE vulnerability in Wso2 products The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. | 5.5 |
| 2020-08-21 | CVE-2020-24590 | XML Entity Expansion vulnerability in Wso2 API Manager and API Microgateway The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. | 6.4 |