Vulnerabilities > Wso2 > Identity Server > 5.5.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-18 | CVE-2023-6911 | Cross-site Scripting vulnerability in Wso2 products Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console. | 4.8 |
2023-12-15 | CVE-2023-6836 | XXE vulnerability in Wso2 products Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information. | 7.5 |
2022-04-21 | CVE-2022-29548 | Cross-site Scripting vulnerability in Wso2 products A reflected XSS issue exists in the Management Console of several WSO2 products. | 6.1 |
2022-04-18 | CVE-2022-29464 | Path Traversal vulnerability in Wso2 products Certain WSO2 products allow unrestricted file upload with resultant remote code execution. | 9.8 |
2021-04-05 | CVE-2020-17453 | Cross-site Scripting vulnerability in Wso2 products WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter. | 6.1 |
2020-08-27 | CVE-2020-24706 | Cross-site Scripting vulnerability in Wso2 products An issue was discovered in certain WSO2 products. | 6.1 |
2020-08-27 | CVE-2020-24705 | Unspecified vulnerability in Wso2 products An issue was discovered in certain WSO2 products. | 8.8 |
2020-08-27 | CVE-2020-24704 | Cross-site Scripting vulnerability in Wso2 products An issue was discovered in certain WSO2 products. | 6.1 |
2020-08-27 | CVE-2020-24703 | Unspecified vulnerability in Wso2 products An issue was discovered in certain WSO2 products. | 8.8 |
2020-06-18 | CVE-2020-14446 | Open Redirect vulnerability in Wso2 Identity Server and Identity Server AS KEY Manager An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. | 6.1 |