PT-2020-10450 · WSO2 · WSO2 API Manager

Sathish Kumar Balakrishnan · Published 2020-01-27 · Updated 2022-11-10 · CVE-2019-20439

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager version 2.6.0

Description: A potential Reflected Cross-Site Scripting (XSS) issue has been identified in defining a scope in the "manage the API" page of the API Publisher.

Recommendations: For WSO2 API Manager version 2.6.0, consider restricting access to the "manage the API" page of the API Publisher until a fix is available. As a temporary workaround, avoid using the scope definition feature in the API Publisher to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2019-20439

Affected Products: WSO2 API Manager