CVE-2019-20438

Опубликовано: 28 янв. 2020

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher.

Ссылки

https://cybersecurityworks.com/zerodays/cve-2019-20438-wso2.html
Exploit
Third Party Advisory
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0645
Vendor Advisory
https://github.com/cybersecurityworks/Disclosed/issues/22
Third Party Advisory
https://cybersecurityworks.com/zerodays/cve-2019-20438-wso2.html
Exploit
Third Party Advisory
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0645
Vendor Advisory
https://github.com/cybersecurityworks/Disclosed/issues/22
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wso2:api_manager:2.6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00517

Низкий

4.8 Medium

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-fw3h-pcxm-9jx2

github

больше 3 лет назад

An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher.

EPSS

Процентиль: 66%

0.00517

Низкий

4.8 Medium

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79