PT-2020-10445 · Wso2 · Wso2 Api Manager
Sathish Kumar Balakrishnan · Published 2020-01-27 · Updated 2022-11-10 · CVE-2019-20434
CVSS v3.1: 4.8 (Medium)
Vector: AC:L/AV:N/A:N/C:L/I:L/PR:H/S:C/UI:R
Name of the Vulnerable Software and Affected Versions
WSO2 API Manager version 2.6.0
Description
A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console.
Recommendations
For WSO2 API Manager version 2.6.0, consider restricting access to the Datasource creation page of the Management Console until a patch is available. As a temporary workaround, avoid using the Datasource creation functionality in the Management Console to minimize the risk of exploitation.
Exploit
Fix
XSS
Affected Products
Wso2 Api Manager