PT-2020-10451 · Wso2 · Wso2 Api Manager

Sathish Kumar Balakrishnan

Published

2020-01-27

Updated

2020-11-10

CVE-2019-20440

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions WSO2 API Manager version 2.6.0

Description A potential Reflected Cross-Site Scripting (XSS) issue has been identified in the update API documentation feature of the API Publisher. This could potentially allow for malicious script execution.

Recommendations For WSO2 API Manager version 2.6.0, consider disabling the update API documentation feature in the API Publisher until a patch is available. Restrict access to this feature to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-20440

Affected Products

Wso2 Api Manager

PT-2020-10451 · Wso2 · Wso2 Api Manager

CVE-2019-20440

Weakness Enumeration

Related Identifiers

Affected Products

References · 7