Filtered by vendor Wso2
Subscribe
Total
86 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18881 | 1 Wso2 | 1 Identity Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile. | |||||
| CVE-2019-15108 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component. | |||||
| CVE-2019-10797 | 1 Wso2 | 1 Transport-http | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled. | |||||
| CVE-2018-8716 | 1 Wso2 | 1 Identity Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers. | |||||
| CVE-2018-20737 | 1 Wso2 | 3 Api Manager, Identity Server, Identity Server As Key Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product. | |||||
| CVE-2018-20736 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product. | |||||