CVE-2019-6515
https://notcve.org/view.php?id=CVE-2019-6515
An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user. Se descubrió un problema en WSO2 API Manager versión 2.6.0. Los documentos cargados para la documentación de la API están disponibles para un usuario no identificado. • https://wso2.com/security-patch-releases/api-manager https://www.excellium-services.com/cert-xlm-advisory •
CVE-2019-6514
https://notcve.org/view.php?id=CVE-2019-6514
An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS. Se descubriò un problema en WSO2 Dashboard Server versión 2.0.0. Es posible ingresar una carga de JavaScript que se almacenará en la base de datos y luego se mostrará y ejecutará en la misma página, también se conoce como una vulnerabilidad de tipo Cross-Site Scripting (XSS). • https://wso2.com/security-patch-releases/dashboard-server https://www.excellium-services.com/cert-xlm-advisory • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-6512
https://notcve.org/view.php?id=CVE-2019-6512
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper. Se descubrió un problema en WSO2 API Manager versión 2.6.0. Es posible forzar a la aplicación a ejecutar peticiones a la estación de trabajo interna (escaneo de puertos SSRF), a otras estaciones de trabajo adyacentes (escaneo de red SSRF), o a enumerar archivos producto de la existencia del wrapper file:// • https://wso2.com/security-patch-releases/api-manager https://www.excellium-services.com/cert-xlm-advisory • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2018-20736
https://notcve.org/view.php?id=CVE-2018-20736
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product. Se ha descubierto un problema en WSO2 API Manager 2.1.0 y 2.6.0. Existe Cross-Site Scripting (XSS) basado en DOM en la parte de tienda del producto. • https://github.com/wso2/carbon-apimgt/pull/5844/files https://wso2.com/security-patch-releases/api-manager https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20736 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-20737
https://notcve.org/view.php?id=CVE-2018-20737
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product. Se ha descubierto un problema en WSO2 API Manager 2.1.0 y 2.6.0. Existe Cross-Site Scripting (XSS) reflejado en la parte carbon de producto. • https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/978/files https://wso2.com/security-patch-releases/api-manager https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20737 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •