CVE-2019-18882
https://notcve.org/view.php?id=CVE-2019-18882
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled. WSO2 IS como Key Manager versión 5.7.0, permite un ataque de tipo XSS almacenado en el archivo download-userinfo.jag porque Content-Type es manejado inapropiadamente. • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0625 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-20737
https://notcve.org/view.php?id=CVE-2018-20737
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product. Se ha descubierto un problema en WSO2 API Manager 2.1.0 y 2.6.0. Existe Cross-Site Scripting (XSS) reflejado en la parte carbon de producto. • https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/978/files https://wso2.com/security-patch-releases/api-manager https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20737 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •