PT-2020-10452 · Wso2 · Wso2 Api Manager

Sathish Kumar Balakrishnan

Published

2020-01-27

Updated

2020-11-10

CVE-2019-20441

CVSS v3.1

4.8

Medium

Vector

AC:L/AV:N/A:N/C:L/I:L/PR:H/S:C/UI:R

Name of the Vulnerable Software and Affected Versions WSO2 API Manager version 2.6.0

Description A potential Stored Cross-Site Scripting (XSS) issue has been identified in the 'implement phase' of the API Publisher. This could allow for malicious scripts to be stored and executed, potentially leading to security breaches.

Recommendations For WSO2 API Manager version 2.6.0, consider disabling the 'implement phase' of the API Publisher until a patch is available to prevent potential exploitation of the Stored Cross-Site Scripting (XSS) issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-20441

Affected Products

Wso2 Api Manager

PT-2020-10452 · Wso2 · Wso2 Api Manager

CVE-2019-20441

Weakness Enumeration

Related Identifiers

Affected Products

References · 7