Every CVE whose affected-product data names Wso2 Api Microgateway, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2020-24589 — CVSS 9.1 (critical): The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.
CVE-2020-24590 — CVSS 9.1 (critical): The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks.
CVE-2020-24703 — CVSS 8.8 (high): An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled…
CVE-2020-12719 — CVSS 7.2 (high): XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and…
CVE-2020-13883 — CVSS 6.7 (medium): In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows…
CVE-2020-24591 — CVSS 6.5 (medium): The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0…
CVE-2020-24704 — CVSS 6.1 (medium): An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager…
CVE-2023-6911 — CVSS 4.8 (medium): Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can…
CVE-2022-29548 — CVSS 4.6 (medium): A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0…
CVE-2023-6836 — CVSS 4.6 (medium): Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely…