{"id":7848,"date":"2019-06-29T21:00:12","date_gmt":"2019-06-30T04:00:12","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=zerodays&p=7848"},"modified":"2023-02-14T18:28:26","modified_gmt":"2023-02-15T01:28:26","slug":"cve-2019-20437-wso2","status":"publish","type":"zerodays","link":"https:\/\/webdev.securin.xyz\/zerodays\/cve-2019-20437-wso2\/","title":{"rendered":"CVE-2019-20437 – Stored Cross-Site Scripting in WSO2 Product"},"content":{"rendered":"
A vulnerability was discovered on WSO2 products in the management console. A stored cross-site script (XSS) vulnerability allows an attacker to execute the malicious code\u00a0if there is a claim dialect configured with an XSS payload in the dialect URI, if a user picks up the malicious dialect URI, and adds it as the service provider claim dialect while configuring the service provider.<\/p>\n
<\/p>\n
*Affected Products:<\/strong> WSO2 API Manager, WSO2 API Manager Analytics, WSO2 IS as Key Manager, WSO2 Identity Server, WSO2 Identity Server Analytics<\/p>\n","protected":false},"featured_media":7843,"parent":0,"menu_order":0,"template":"","vulnerability_categories":[],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/zerodays\/7848"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/zerodays"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/zerodays"}],"version-history":[{"count":4,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/zerodays\/7848\/revisions"}],"predecessor-version":[{"id":14037,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/zerodays\/7848\/revisions\/14037"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/7843"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=7848"}],"wp:term":[{"taxonomy":"vulnerability_categories","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/vulnerability_categories?post=7848"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}