PT-2020-10446 · Wso2 · Wso2 Api Manager

Sathish Kumar Balakrishnan · Published 2020-01-27 · Updated 2022-11-10 · CVE-2019-20435

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WSO2 API Manager version 2.6.0

Description

A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter.

Recommendations

For WSO2 API Manager version 2.6.0, consider restricting access to the inline API documentation editor page until a fix is available, and avoid using harmful docName request parameters in HTTP GET requests.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-20435

Affected Products

Wso2 Api Manager