NotCVE - vendor:"Wso2" product:"Identity Server" version:" >= 5.7.0

Page 5 of 22 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-18882

https://notcve.org/view.php?id=CVE-2019-18882

WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled. WSO2 IS como Key Manager versión 5.7.0, permite un ataque de tipo XSS almacenado en el archivo download-userinfo.jag porque Content-Type es manejado inapropiadamente. • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0625 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

CVE-2018-20737

https://notcve.org/view.php?id=CVE-2018-20737

An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product. Se ha descubierto un problema en WSO2 API Manager 2.1.0 y 2.6.0. Existe Cross-Site Scripting (XSS) reflejado en la parte carbon de producto. • https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/978/files https://wso2.com/security-patch-releases/api-manager https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20737 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...3 4 5