CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-24706
https://notcve.org/view.php?id=CVE-2020-24706
27 Aug 2020 — An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0. Se detectó un problema en determinados productos WSO2. La herramienta Try It permite un ataque de tipo XSS Reflejado. • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0718 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 84%CPEs: 2EXPL: 0CVE-2020-24589
https://notcve.org/view.php?id=CVE-2020-24589
21 Aug 2020 — The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. La Consola de Administración en WSO2 API Manager versiones hasta 3.1.0 y API Microgateway versión 2.2.0, permite ataques de tipo XML External Entity injection (XXE). • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-24591
https://notcve.org/view.php?id=CVE-2020-24591
21 Aug 2020 — The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0. La Consola de Administración en determinados productos WSO2, permite ataques de tipo XXE durante las actualizaciones de EventReceiver. Esto afecta a la API Manager versiones hasta 3.0.0, la API Manager Analytics versiones 2.2.0 ... • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0728 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-24590
https://notcve.org/view.php?id=CVE-2020-24590
21 Aug 2020 — The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. La Consola de Administración en WSO2 API Manager versiones hasta 3.1.0 y API Microgateway versión 2.2.0, permite un ataque de tipo XML Entity Expansion. • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2020-13883
https://notcve.org/view.php?id=CVE-2020-13883
06 Jun 2020 — In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle. En WSO2 API Manager versiones 3.0.0 y anteriores, WSO2 API Microgateway versión 2.2.0 y WSO2 IS como Key Manager versiones 5.9.0 y anteriores, Management Console permite un ataque de tipo XXE durante la adición o actualización de un Lifecycle • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0727 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.7EPSS: 0%CPEs: 7EXPL: 0CVE-2020-12719
https://notcve.org/view.php?id=CVE-2020-12719
07 May 2020 — XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier. Una vulnerabilidad de tipo XXE durante una actualización de EventPublisher puede presentarse en Management Console en WSO2 API Manager versiones 3.0.0 y anteriores, API Manager A... • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15108
https://notcve.org/view.php?id=CVE-2019-15108
16 Aug 2019 — An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component. Se descubrió un problema en WSO2 API Manager versiones 2.6.0 anteriores a WSO2-CARBON-PATCH-4.4.0-4457. Se presenta una vulnerabilidad de tipo XSS por medio de un nombre de archivo diseñado para la funcionalidad de carga de archivos del componente simulador de eventos. • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0597 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •