CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6512
https://notcve.org/view.php?id=CVE-2019-6512
14 May 2019 — An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper. Se descubrió un problema en WSO2 API Manager versión 2.6.0. Es posible forzar a la aplicación a ejecutar peticiones a la estación de trabajo interna (escaneo de puertos SSRF), a otras estaciones de trabajo adyacentes (escaneo d... • https://wso2.com/security-patch-releases/api-manager • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20736
https://notcve.org/view.php?id=CVE-2018-20736
18 Mar 2019 — An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product. Se ha descubierto un problema en WSO2 API Manager 2.1.0 y 2.6.0. Existe Cross-Site Scripting (XSS) basado en DOM en la parte de tienda del producto. • https://github.com/wso2/carbon-apimgt/pull/5844/files • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2018-20737
https://notcve.org/view.php?id=CVE-2018-20737
18 Mar 2019 — An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product. Se ha descubierto un problema en WSO2 API Manager 2.1.0 y 2.6.0. Existe Cross-Site Scripting (XSS) reflejado en la parte carbon de producto. • https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/978/files • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •