CVE-2018-20736

by adidionxlm

Abstract Advisory Information

A DOM-based XSS vulnerability exists in the store part of the product.

Authors: Julien Oury–Nogues

Version affected

Name: WSO2 API Manager
Versions: 2.6.0

Common Vulnerability Scoring System

Base score: 2.0
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

Patches

http://product-dist.wso2.com/downloads/carbon/wilkes/patch3475/WSO2-CARBON-PATCH-4.4.0-3475.zip

References

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0501

Vulnerability Disclosure Timeline

  • 19/10/2018 : Vulnerability discovered
  • 22/10/2018 : Contact WSO2 security team
  • 29/01/2019 : Public disclosure