CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15108
https://notcve.org/view.php?id=CVE-2019-15108
16 Aug 2019 — An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component. Se descubrió un problema en WSO2 API Manager versiones 2.6.0 anteriores a WSO2-CARBON-PATCH-4.4.0-4457. Se presenta una vulnerabilidad de tipo XSS por medio de un nombre de archivo diseñado para la funcionalidad de carga de archivos del componente simulador de eventos. • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0597 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6513
https://notcve.org/view.php?id=CVE-2019-6513
21 May 2019 — An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one. Se encontró un problema en WSO2 API Manager 2.6.0. Es posible que un usuario logeado cargue, como documentación API, algún tipo de archivo cambiando la extensión a una permitida. • https://www.excellium-services.com/cert-xlm-advisory • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6516
https://notcve.org/view.php?id=CVE-2019-6516
14 May 2019 — An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation (port-scanning) and to perform requests to adjacent workstations (network-scanning), aka SSRF. Se ha descubierto un problema en WSO2 Dashboard Server versión 2.0.0. Es posible forzar a la aplicación a ejecutar peticiones a la estación de trabajo interna (escaneo de puertos) y realizar peticiones a estaciones de trabajo adyacentes (escaneo de red), también se conoce ... • https://wso2.com/security-patch-releases/dashboard-server • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6515
https://notcve.org/view.php?id=CVE-2019-6515
14 May 2019 — An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user. Se descubrió un problema en WSO2 API Manager versión 2.6.0. Los documentos cargados para la documentación de la API están disponibles para un usuario no identificado. • https://wso2.com/security-patch-releases/api-manager •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6514
https://notcve.org/view.php?id=CVE-2019-6514
14 May 2019 — An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS. Se descubriò un problema en WSO2 Dashboard Server versión 2.0.0. Es posible ingresar una carga de JavaScript que se almacenará en la base de datos y luego se mostrará y ejecutará en la misma página, también se conoce como una vulnerabilidad de tipo Cross-Site Scripting (XSS). • https://wso2.com/security-patch-releases/dashboard-server • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6512
https://notcve.org/view.php?id=CVE-2019-6512
14 May 2019 — An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper. Se descubrió un problema en WSO2 API Manager versión 2.6.0. Es posible forzar a la aplicación a ejecutar peticiones a la estación de trabajo interna (escaneo de puertos SSRF), a otras estaciones de trabajo adyacentes (escaneo d... • https://wso2.com/security-patch-releases/api-manager • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20736
https://notcve.org/view.php?id=CVE-2018-20736
18 Mar 2019 — An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product. Se ha descubierto un problema en WSO2 API Manager 2.1.0 y 2.6.0. Existe Cross-Site Scripting (XSS) basado en DOM en la parte de tienda del producto. • https://github.com/wso2/carbon-apimgt/pull/5844/files • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2018-20737
https://notcve.org/view.php?id=CVE-2018-20737
18 Mar 2019 — An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product. Se ha descubierto un problema en WSO2 API Manager 2.1.0 y 2.6.0. Existe Cross-Site Scripting (XSS) reflejado en la parte carbon de producto. • https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/978/files • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 1%CPEs: 1EXPL: 6CVE-2018-8716 – WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-8716
24 Apr 2018 — WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers. WSO2 Identity Server, en versiones anteriores a la 5.5.0, tiene Cross-Site Scripting (XSS) mediante el dashboard, lo que permite ataques por parte de atacantes con pocos privilegios. WSO2 Identity Sever version 5.3.0 suffers from multiple persistent cross site scripting vulnerabilities. • https://packetstorm.news/files/id/147330 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2017-14995
https://notcve.org/view.php?id=CVE-2017-14995
03 Oct 2017 — The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 Data Analytics Server 3.1.0, WSO2 Data Services Server 3.5.1, and WSO2 Machine Learner 1.2.0 is affected by stored XSS. La consola de administración en WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.... • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0257 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •