Vulnerabilities > Wso2 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-6911 | Cross-site Scripting vulnerability in Wso2 products Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console. | 4.8 |
| 2023-12-15 | CVE-2023-6839 | Information Exposure Through an Error Message vulnerability in Wso2 API Manager Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response. | 5.3 |
| 2023-12-15 | CVE-2023-6835 | Improper Input Validation vulnerability in Wso2 API Manager and IOT Server Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated. | 5.3 |
| 2023-12-15 | CVE-2023-6838 | Cross-site Scripting vulnerability in Wso2 products Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. | 6.1 |
| 2023-05-23 | CVE-2023-31664 | Cross-site Scripting vulnerability in Wso2 API Manager A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter. | 6.1 |
| 2022-12-15 | CVE-2022-4520 | Cross-site Scripting vulnerability in Wso2 Carbon-Registry A vulnerability was found in WSO2 carbon-registry up to 4.8.11. | 6.1 |
| 2022-12-15 | CVE-2022-4521 | Cross-site Scripting vulnerability in Wso2 Carbon-Registry A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. | 6.1 |
| 2022-04-21 | CVE-2022-29548 | Cross-site Scripting vulnerability in Wso2 products A reflected XSS issue exists in the Management Console of several WSO2 products. | 6.1 |
| 2021-12-07 | CVE-2021-36760 | Cross-site Scripting vulnerability in Wso2 products In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. | 4.3 |
| 2021-04-05 | CVE-2020-17453 | Cross-site Scripting vulnerability in Wso2 products WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter. | 6.1 |