Page 7 of 33 results (0.008 seconds)

CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper. Se descubrió un problema en WSO2 API Manager versión 2.6.0. Es posible forzar a la aplicación a ejecutar peticiones a la estación de trabajo interna (escaneo de puertos SSRF), a otras estaciones de trabajo adyacentes (escaneo de red SSRF), o a enumerar archivos producto de la existencia del wrapper file:// • https://wso2.com/security-patch-releases/api-manager https://www.excellium-services.com/cert-xlm-advisory • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product. Se ha descubierto un problema en WSO2 API Manager 2.1.0 y 2.6.0. Existe Cross-Site Scripting (XSS) basado en DOM en la parte de tienda del producto. • https://github.com/wso2/carbon-apimgt/pull/5844/files https://wso2.com/security-patch-releases/api-manager https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20736 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product. Se ha descubierto un problema en WSO2 API Manager 2.1.0 y 2.6.0. Existe Cross-Site Scripting (XSS) reflejado en la parte carbon de producto. • https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/978/files https://wso2.com/security-patch-releases/api-manager https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20737 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •