Shodan
Vulnerabilities
Vulnerable Software
Wso2:  >> Identity Server  >> 4.1.0  Security Vulnerabilities
CVE-2020-17453
WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.
CVSS Score
6.1
EPSS Score
0.763
Published
2021-04-05
CVE-2020-24705
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.
CVSS Score
8.8
EPSS Score
0.004
Published
2020-08-27
CVE-2020-24706
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.
CVSS Score
6.1
EPSS Score
0.006
Published
2020-08-27
CVE-2020-14444
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Policy Administration user interface.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-06-18
CVE-2020-14445
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface.
CVSS Score
4.4
EPSS Score
0.002
Published
2020-06-18
CVE-2020-14446
An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-06-18
CVE-2020-12719
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.
CVSS Score
8.7
EPSS Score
0.004
Published
2020-05-08
CVE-2018-8716
WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers.
CVSS Score
5.4
EPSS Score
0.011
Published
2018-04-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved