{"id":7835,"date":"2019-07-06T20:50:32","date_gmt":"2019-07-07T03:50:32","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=zerodays&p=7835"},"modified":"2023-02-06T10:31:55","modified_gmt":"2023-02-06T17:31:55","slug":"cve-2019-20439-wso2","status":"publish","type":"zerodays","link":"https:\/\/webdev.securin.xyz\/zerodays\/cve-2019-20439-wso2\/","title":{"rendered":"CVE-2019-20439 – Reflected Cross-Site Scripting in WSO2"},"content":{"rendered":"

A vulnerability was discovered on WSO2 API Manager 2.6.0 in defining the scope to\u00a0manage the API page of the API Publisher. An input variable vulnerable to stored XSS is \u2018roles\u2019 on the API page. A reflected cross-site script (XSS) vulnerability allows an attacker to inject malicious code into the scope to an API in the API publisher by providing XSS payload as a value for roles.<\/p>\n","protected":false},"featured_media":7843,"parent":0,"menu_order":0,"template":"","vulnerability_categories":[],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/zerodays\/7835"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/zerodays"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/zerodays"}],"version-history":[{"count":5,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/zerodays\/7835\/revisions"}],"predecessor-version":[{"id":13653,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/zerodays\/7835\/revisions\/13653"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/7843"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=7835"}],"wp:term":[{"taxonomy":"vulnerability_categories","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/vulnerability_categories?post=7835"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}