CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6516
https://notcve.org/view.php?id=CVE-2019-6516
14 May 2019 — An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation (port-scanning) and to perform requests to adjacent workstations (network-scanning), aka SSRF. Se ha descubierto un problema en WSO2 Dashboard Server versión 2.0.0. Es posible forzar a la aplicación a ejecutar peticiones a la estación de trabajo interna (escaneo de puertos) y realizar peticiones a estaciones de trabajo adyacentes (escaneo de red), también se conoce ... • https://wso2.com/security-patch-releases/dashboard-server • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6514
https://notcve.org/view.php?id=CVE-2019-6514
14 May 2019 — An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS. Se descubriò un problema en WSO2 Dashboard Server versión 2.0.0. Es posible ingresar una carga de JavaScript que se almacenará en la base de datos y luego se mostrará y ejecutará en la misma página, también se conoce como una vulnerabilidad de tipo Cross-Site Scripting (XSS). • https://wso2.com/security-patch-releases/dashboard-server • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2017-14995
https://notcve.org/view.php?id=CVE-2017-14995
03 Oct 2017 — The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 Data Analytics Server 3.1.0, WSO2 Data Services Server 3.5.1, and WSO2 Machine Learner 1.2.0 is affected by stored XSS. La consola de administración en WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.... • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0257 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 9%CPEs: 17EXPL: 2CVE-2017-14651
https://notcve.org/view.php?id=CVE-2017-14651
21 Sep 2017 — WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. WSO2 Data Analytics Server 3.1.0 tiene una vulnerabilidad de tipo Cross-Site Scripting (XSS) en carbon/resources/add_collection_ajaxprocessor.jsp mediante los parámetros collectionName o parentPath. • https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •