Vulnerabilities > Wso2 > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-12 | CVE-2019-18882 | Cross-site Scripting vulnerability in Wso2 Identity Server 5.7.0 WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled. | 4.3 |
2019-11-12 | CVE-2019-18881 | Cross-site Scripting vulnerability in Wso2 Identity Server 5.7.0 WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile. | 4.3 |
2019-08-16 | CVE-2019-15108 | Cross-site Scripting vulnerability in Wso2 API Manager An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. | 4.8 |
2019-05-21 | CVE-2019-6513 | Unrestricted Upload of File with Dangerous Type vulnerability in Wso2 API Manager 2.6.0 An issue was discovered in WSO2 API Manager 2.6.0. | 5.5 |
2019-05-14 | CVE-2019-6516 | Server-Side Request Forgery (SSRF) vulnerability in Wso2 Dashboard Server 2.0.0 An issue was discovered in WSO2 Dashboard Server 2.0.0. | 5.0 |
2019-05-14 | CVE-2019-6515 | Unspecified vulnerability in Wso2 API Manager 2.6.0 An issue was discovered in WSO2 API Manager 2.6.0. | 5.0 |
2019-05-14 | CVE-2019-6512 | Server-Side Request Forgery (SSRF) vulnerability in Wso2 API Manager 2.6.0 An issue was discovered in WSO2 API Manager 2.6.0. | 4.0 |
2017-10-04 | CVE-2017-14995 | Cross-site Scripting vulnerability in Wso2 products The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 Data Analytics Server 3.1.0, WSO2 Data Services Server 3.5.1, and WSO2 Machine Learner 1.2.0 is affected by stored XSS. | 4.3 |
2017-02-17 | CVE-2016-4327 | Cross-site Scripting vulnerability in Wso2 Enablement Server FOR Java Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
2017-02-17 | CVE-2016-4316 | Cross-site Scripting vulnerability in Wso2 Carbon 4.4.5 Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5) description parameter to ndatasource/newdatasource.jsp; the (6) phase parameter to viewflows/handlers.jsp; or the (7) url parameter to ndatasource/validateconnection-ajaxprocessor.jsp. | 4.3 |