CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 4CVE-2016-4316 – WSO2 Carbon 4.4.5 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-4316
13 Aug 2016 — Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5) description parameter to ndatasource/newdatasource.jsp; the (6) phase parameter to viewflows/handlers.jsp; or the (7) url parameter to ndatasource/validateconnection-ajaxprocessor.jsp. Múltiples vulnerabilidades ... • https://packetstorm.news/files/id/138331 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 23%CPEs: 1EXPL: 5CVE-2016-4314 – WSO2 Carbon 4.4.5 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2016-4314
13 Aug 2016 — Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp. Vulnerabilidad de salto de directorio en el LogViewer Admin Service en WSO2 Carbon 4.4.5 permite a administradores remotos autenticados leer archivos arbitrarios a través de un .. (punto punto) en el parámetro logFile para downloadgz-ajaxprocessor.jsp. DuckieTV CMS version 1.1.5 su... • https://packetstorm.news/files/id/144612 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2016-4327 – WSO2 SOA Enablement Server Cross Site Scripting
https://notcve.org/view.php?id=CVE-2016-4327
17 May 2016 — Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Vulnerabilidad XSS en WSO2 SOA Enablement Server para Java/6.6 build SSJ-6.6-20090816-1616 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de PATH_INFO. WSO2 SOA Enablement server suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/137073 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •