CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20736
https://notcve.org/view.php?id=CVE-2018-20736
18 Mar 2019 — An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product. Se ha descubierto un problema en WSO2 API Manager 2.1.0 y 2.6.0. Existe Cross-Site Scripting (XSS) basado en DOM en la parte de tienda del producto. • https://github.com/wso2/carbon-apimgt/pull/5844/files • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2018-20737
https://notcve.org/view.php?id=CVE-2018-20737
18 Mar 2019 — An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product. Se ha descubierto un problema en WSO2 API Manager 2.1.0 y 2.6.0. Existe Cross-Site Scripting (XSS) reflejado en la parte carbon de producto. • https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/978/files • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 9%CPEs: 17EXPL: 2CVE-2017-14651
https://notcve.org/view.php?id=CVE-2017-14651
21 Sep 2017 — WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. WSO2 Data Analytics Server 3.1.0 tiene una vulnerabilidad de tipo Cross-Site Scripting (XSS) en carbon/resources/add_collection_ajaxprocessor.jsp mediante los parámetros collectionName o parentPath. • https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •