PT-2020-10449 · Wso2 · Wso2 Api Manager

Sathish Kumar Balakrishnan

Published

2020-01-27

Updated

2020-11-10

CVE-2019-20438

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions WSO2 API Manager version 2.6.0

Description A potential stored Cross-Site Scripting (XSS) issue has been identified in the inline API documentation editor page of the API Publisher. This could allow for malicious scripts to be stored and executed, potentially affecting users of the API Manager.

Recommendations For WSO2 API Manager version 2.6.0, consider disabling the inline API documentation editor page until a patch is available to prevent potential exploitation of the stored Cross-Site Scripting issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-20438

Affected Products

Wso2 Api Manager

PT-2020-10449 · Wso2 · Wso2 Api Manager

CVE-2019-20438

Weakness Enumeration

Related Identifiers

Affected Products

References · 7