CVE-2019-20435

Опубликовано: 28 янв. 2020

Источник: nvd

CVSS3: 3.5

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter.

Ссылки

https://cybersecurityworks.com/zerodays/cve-2019-20435-wso2.html
Exploit
Third Party Advisory
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0633
Vendor Advisory
https://github.com/cybersecurityworks/Disclosed/issues/18
Exploit
Issue Tracking
Third Party Advisory
https://cybersecurityworks.com/zerodays/cve-2019-20435-wso2.html
Exploit
Third Party Advisory
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0633
Vendor Advisory
https://github.com/cybersecurityworks/Disclosed/issues/18
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wso2:api_manager:2.6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00427

Низкий

3.5 Low

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-fvp5-w7h8-5v6c

CVSS3: 4.8

github

больше 3 лет назад

EPSS

Процентиль: 62%

0.00427

Низкий

3.5 Low

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79