Vulnerabilities > Wso2 > IOT Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-15 CVE-2023-6835 Improper Input Validation vulnerability in Wso2 API Manager and IOT Server
Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.
network
low complexity
wso2 CWE-20
5.3
2021-12-07 CVE-2021-36760 Cross-site Scripting vulnerability in Wso2 products
In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter.
network
low complexity
wso2 CWE-79
6.1
2020-08-27 CVE-2020-24706 Cross-site Scripting vulnerability in Wso2 products
An issue was discovered in certain WSO2 products.
network
low complexity
wso2 CWE-79
6.1
2020-08-27 CVE-2020-24704 Cross-site Scripting vulnerability in Wso2 products
An issue was discovered in certain WSO2 products.
network
low complexity
wso2 CWE-79
6.1
2017-09-21 CVE-2017-14651 Cross-site Scripting vulnerability in Wso2 products
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
network
low complexity
wso2 CWE-79
4.8