Shodan
Vulnerabilities
Vulnerable Software
Wso2:  Security Vulnerabilities
CVE-2019-20441
An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher.
CVSS Score
4.8
EPSS Score
0.005
Published
2020-01-28
CVE-2019-20442
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI.
CVSS Score
3.5
EPSS Score
0.005
Published
2020-01-28
CVE-2019-20443
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI.
CVSS Score
3.5
EPSS Score
0.005
Published
2020-01-28
CVE-2019-19587
In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-12-05
CVE-2019-18881
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-11-12
CVE-2019-18882
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-11-12
CVE-2019-15108
An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.
CVSS Score
3.5
EPSS Score
0.003
Published
2019-08-16
CVE-2019-6513
An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-05-21
CVE-2019-6512
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper.
CVSS Score
4.1
EPSS Score
0.002
Published
2019-05-14
CVE-2019-6514
An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS.
CVSS Score
4.8
EPSS Score
0.003
Published
2019-05-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved