Vulnerabilities > Wso2 > Low

DATE CVE VULNERABILITY TITLE RISK
2017-09-21 CVE-2017-14651 Cross-site Scripting vulnerability in Wso2 products
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
network
wso2 CWE-79
3.5
3.5
2017-02-17 CVE-2016-4315 Cross-Site Request Forgery (CSRF) vulnerability in Wso2 Carbon 4.4.5
Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp.
network
wso2 CWE-352
3.5
3.5