Skip to main content

Iot Server

7 CVEs product

Monthly

CVE-2023-6835 Maven MEDIUM This Month

Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Api Manager Iot Server
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-36760 MEDIUM This Month

In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect XSS Api Manager Identity Server Identity Server As Key Manager +1
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-24706 MEDIUM This Month

An issue was discovered in certain WSO2 products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Api Manager Api Manager Analytics Identity Server Identity Server Analytics +2
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-24705 HIGH This Week

An issue was discovered in certain WSO2 products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Api Manager Api Manager Analytics Identity Server Identity Server Analytics +2
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-24704 MEDIUM This Month

An issue was discovered in certain WSO2 products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Api Manager Api Manager Analytics Api Microgateway Data Analytics Server +5
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-24703 HIGH This Week

An issue was discovered in certain WSO2 products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Api Manager Api Manager Analytics Api Microgateway Data Analytics Server +5
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2017-14651 MEDIUM POC PATCH This Month

WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Api Manager App Manager Application Server Business Process Server +13
NVD GitHub
CVSS 3.1
4.8
EPSS
3.7%
EPSS 1% CVSS 5.3
MEDIUM This Month

Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Api Manager Iot Server
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect XSS Api Manager +3
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in certain WSO2 products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Api Manager Api Manager Analytics +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An issue was discovered in certain WSO2 products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Api Manager Api Manager Analytics +4
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in certain WSO2 products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Api Manager Api Manager Analytics +7
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An issue was discovered in certain WSO2 products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Api Manager Api Manager Analytics +7
NVD
EPSS 4% CVSS 4.8
MEDIUM POC PATCH This Month

WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Api Manager App Manager +15
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy