Vulnerabilities > Wso2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-21 | CVE-2022-29548 | Cross-site Scripting vulnerability in Wso2 products A reflected XSS issue exists in the Management Console of several WSO2 products. | 6.1 |
2022-04-18 | CVE-2022-29464 | Path Traversal vulnerability in Wso2 products Certain WSO2 products allow unrestricted file upload with resultant remote code execution. | 9.8 |
2021-12-07 | CVE-2021-36760 | Cross-site Scripting vulnerability in Wso2 products In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. | 4.3 |
2021-04-05 | CVE-2020-17453 | Cross-site Scripting vulnerability in Wso2 products WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter. | 6.1 |
2020-10-29 | CVE-2020-27885 | Cross-site Scripting vulnerability in Wso2 API Manager 3.1.0 Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. | 4.3 |
2020-10-29 | CVE-2020-25516 | Cross-site Scripting vulnerability in Wso2 Enterprise Integrator 6.4.0/6.5.0/6.6.0 WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks. | 3.5 |
2020-10-21 | CVE-2020-17454 | Cross-site Scripting vulnerability in Wso2 API Manager WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. | 4.3 |
2020-08-27 | CVE-2020-24706 | Cross-site Scripting vulnerability in Wso2 products An issue was discovered in certain WSO2 products. | 6.1 |
2020-08-27 | CVE-2020-24705 | Unspecified vulnerability in Wso2 products An issue was discovered in certain WSO2 products. | 8.8 |
2020-08-27 | CVE-2020-24704 | Cross-site Scripting vulnerability in Wso2 products An issue was discovered in certain WSO2 products. | 6.1 |