CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19587
https://notcve.org/view.php?id=CVE-2019-19587
In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console. En WSO2 Enterprise Integrator versión 6.5.0, ocurre un ataque de tipo XSS reflejado durante la actualización de la configuración del procesador de mensajes desde la vista de origen en la Consola de Administración. • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0658 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 17EXPL: 2CVE-2017-14651
https://notcve.org/view.php?id=CVE-2017-14651
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. WSO2 Data Analytics Server 3.1.0 tiene una vulnerabilidad de tipo Cross-Site Scripting (XSS) en carbon/resources/add_collection_ajaxprocessor.jsp mediante los parámetros collectionName o parentPath. • https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265 https://github.com/cybersecurityworks/Disclosed/issues/15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •