WSO2 API Manager Security Vulnerabilities
An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher.
CVSS Score: 3.5 | EPSS Score: 0.005 | Published: 2020-01-28
An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher.
CVSS Score: 4.8 | EPSS Score: 0.005 | Published: 2020-01-28
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI.
CVSS Score: 3.5 | EPSS Score: 0.005 | Published: 2020-01-28
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI.
CVSS Score: 3.5 | EPSS Score: 0.005 | Published: 2020-01-28
An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.
CVSS Score: 3.5 | EPSS Score: 0.003 | Published: 2019-08-16
An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2019-05-21
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper.
CVSS Score: 4.1 | EPSS Score: 0.002 | Published: 2019-05-14
An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user.
CVSS Score: 5.3 | EPSS Score: 0.007 | Published: 2019-05-14
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2019-03-21
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2019-03-21

