Wso2: >> Identity Server As Key Manager >> 5.7.0 Security Vulnerabilities
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.
CVSS Score
8.7
EPSS Score
0.004
Published
2020-05-08
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-03-21
Page 3