An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product.
References
Link | Resource |
---|---|
https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20736/ | Patch Third Party Advisory |
https://wso2.com/security-patch-releases/api-manager | Patch Vendor Advisory |
https://github.com/wso2/carbon-apimgt/pull/5844/files | Patch Third Party Advisory |
Configurations
Information
Published : 2019-03-21 09:00
Updated : 2019-03-25 06:00
NVD link : CVE-2018-20736
Mitre link : CVE-2018-20736
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
wso2
- api_manager