Filtered by vendor Wso2
Subscribe
Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4315 | 1 Wso2 | 1 Carbon | 2023-12-10 | 3.5 LOW | 5.7 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp. | |||||
| CVE-2016-4316 | 1 Wso2 | 1 Carbon | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5) description parameter to ndatasource/newdatasource.jsp; the (6) phase parameter to viewflows/handlers.jsp; or the (7) url parameter to ndatasource/validateconnection-ajaxprocessor.jsp. | |||||
| CVE-2016-4327 | 1 Wso2 | 1 Enablement Server For Java | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2016-4312 | 1 Wso2 | 1 Identity Server | 2023-12-10 | 6.0 MEDIUM | 7.5 HIGH |
| XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp. NOTE: this issue can be combined with CVE-2016-4311 to exploit the vulnerability without credentials. | |||||