Every CVE whose affected-product data names Wso2 Iot Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2020-24705 — CVSS 8.8 (high): An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled…
CVE-2020-24703 — CVSS 8.8 (high): An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled…
CVE-2020-24704 — CVSS 6.1 (medium): An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager…
CVE-2020-24706 — CVSS 6.1 (medium): An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager…
CVE-2021-36760 — CVSS 6.1 (medium): In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the…
CVE-2017-14651 — CVSS 4.8 (medium): WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath…
CVE-2023-6835 — CVSS 4.3 (medium): Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating…