e:["$","div",null,{"suppressHydrationWarning":true,"className":"max-w-screen overflow-hidden bg-asmPageTopBG bg-repeat-space bg-cover","children":["$","$L17",null,{"blok":{"_uid":"cb152be4-417a-4aef-9712-8494a3155411","body":[{"_uid":"4edbefe1-ae1d-43b7-8adc-d16a6e03346e","component":"global_header","reference":[{"name":"Navigation","created_at":"2025-12-29T16:21:06.224Z","published_at":"2025-12-10T18:12:48.651Z","updated_at":"2025-12-29T16:21:06.224Z","id":128350888873003,"uuid":"a01aed2a-fcd9-445e-ba4f-1e207f311d2b","content":{"_uid":"888f9d58-d099-4867-a1db-115cd704c6d4","global":[{"Nav":[{"_uid":"ba481eb4-d534-400f-b77a-aa26ad4718d2","name":"Products","title":"All Products","Navitems":[{"url":{"id":"5ba4d0b3-4dad-41b8-bbc3-6b1183a20287","url":"","linktype":"story","fieldtype":"multilink","cached_url":"attack-surface-management"},"_uid":"9960bd3d-1982-4572-a3bb-75cb0886b040","icon":{"id":21241298,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/a88052a5e6/asm.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Attack Surface Management","subtitle":"Get a hacker’s view of your known & unknown assets and exposures.","component":"Headernavitem","_editable":""},{"url":{"id":"14293fda-cbfc-4292-889b-ac1fe826e69d","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-intelligence"},"_uid":"8700128b-0f30-4730-8a02-e8fb31f3527b","icon":{"id":21241294,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/7c5a26d895/vi.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Vulnerability Intelligence","subtitle":"Cybersecurity strategy with timely, contextual, & predictive insights.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""},{"_uid":"cbaff37c-0c5e-457a-a014-64e2a1a1579d","name":"Solutions","title":"All Solutions","Navitems":[{"url":{"id":"1fe67f71-dca0-4ae7-8086-45424812c7c2","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-management"},"_uid":"554e3dd3-c9f2-41ac-96f3-a4cfc227ecd5","icon":{"id":21241299,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/e7370ee665/vm.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Vulnerability Management","subtitle":"Manage evolving risks with continuous threat analysis.","component":"Headernavitem","_editable":""},{"url":{"id":"9385496e-0e96-409c-a551-1be788461163","url":"","linktype":"story","fieldtype":"multilink","cached_url":"penetration-testing"},"_uid":"33edd474-13a7-4ce7-b86b-caa079bdf644","icon":{"id":21323606,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/12dc098b21/pentest-1.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Penetration Testing","subtitle":"Test your defenses before an attacker exploits them.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""},{"_uid":"bc900e69-950c-40fb-91af-9d4742d9f48e","name":"Use Cases","title":"All Use Cases","Navitems":[{"url":{"id":"0aaf2b18-9d31-4dce-937b-3dbb24b44e5a","url":"","linktype":"story","fieldtype":"multilink","cached_url":"continous-attack-surface-reduction"},"_uid":"e3765180-6f96-40eb-9f64-215b33de28db","icon":{"id":21241305,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/834a67323c/casr.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Continuous Attack Surface Reduction","subtitle":"Continuous visibility into your attack surface for proactive mitigation.","component":"Headernavitem","_editable":""},{"url":{"id":"17c33595-9ad4-45cf-aa34-1d759f00f4d8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"assets-with-known-ransomware-exploitable-vulnerabilities"},"_uid":"f8a18872-047e-4ae1-91ce-e54afb29b485","icon":{"id":21448618,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/140x140/4a5cbbbb3f/assets.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Assets with Known Ransomware & Exploitable Vulnerabilities","subtitle":"Discover if you are exposed to known ransomware vulnerabilities or not.","component":"Headernavitem","_editable":""},{"url":{"id":"59a08f71-0be4-46cf-9b61-af87e90775de","url":"","linktype":"story","fieldtype":"multilink","cached_url":"network-application-vulnerability-management"},"_uid":"68ad5556-028e-42c4-8c40-5278f33da543","icon":{"id":21241295,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/0fcbc28b9d/navm.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Network & Application Vulnerability Management","subtitle":"We scan, detect, analyze, & prioritize vulnerabilities in your network & apps.","component":"Headernavitem","_editable":""},{"url":{"id":"e357eb6c-b37f-42c2-8160-c55410d1c6fd","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-prioritization"},"_uid":"7e2e4250-652c-47cd-8118-25c56396cfee","icon":{"id":21448658,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/140x140/5582316119/vulnerability-priortization.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Vulnerability Prioritization","subtitle":"Prioritize vulnerabilities for quicker remediation.","component":"Headernavitem","_editable":""},{"url":{"id":"1f0dc561-50ef-4fbe-b051-11e113988951","url":"","linktype":"story","fieldtype":"multilink","cached_url":"network-infrastructure-penetration-testing"},"_uid":"79250bf9-09ba-4dea-86bd-f576850a3057","icon":{"id":21241302,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/a9a76f74bf/nipt.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Network & Infrastructure Penetration Testing","subtitle":"Penetration experts simulate real-world attacks on your environment.","component":"Headernavitem","_editable":""},{"url":{"id":"44727d2d-19cd-4f69-a329-ccef5b64a5a7","url":"","linktype":"story","fieldtype":"multilink","cached_url":"meet-your-compliance-requirements"},"_uid":"d1abf960-90ab-4e4a-8147-89d998b16f3b","icon":{"id":21448637,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/140x140/9e6ffcf73a/meet.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Meet your Compliance Requirements","subtitle":"Manage compliance requirements and test your security controls.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""},{"_uid":"ce844fb3-7d75-43ca-b03d-fc2d36f03121","link":{"id":"c801d107-dc40-4bc1-99ba-243fe92ceee1","url":"","linktype":"story","fieldtype":"multilink","cached_url":"partners"},"name":"Partners","title":"Partners","Navitems":[],"component":"Navigation","_editable":""},{"_uid":"65cfc6ff-bb0b-4ff4-bd69-f3ab676e570f","name":"Resources","title":"All Resources","Navitems":[{"url":{"id":"db92bf62-b3aa-4767-8c4d-f8e6a6588af8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"reports"},"_uid":"cce882f8-f607-4ed6-9f5d-7d967509161b","icon":{"id":21241293,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/e019aafb50/reports.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Reports","subtitle":"Your trusted source for comprehensive insights.","component":"Headernavitem","_editable":""},{"url":{"id":"71481572-d542-499b-ba96-cf7eb6530c95","url":"","linktype":"story","fieldtype":"multilink","cached_url":"press-releases"},"_uid":"726f54bb-f50b-4d15-a032-564bc3ece243","icon":{"id":21241296,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/31f000d7f1/mc.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Press Releases","subtitle":"Latest announcements from Securin.","component":"Headernavitem","_editable":""},{"url":{"id":"","url":"https://www.securin.io/articles","linktype":"url","fieldtype":"multilink","cached_url":"https://www.securin.io/articles"},"_uid":"a734e86d-446c-4740-9fd5-67cd33a6ddff","icon":{"id":21241300,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/4f16501ed6/articles.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Articles","subtitle":"Read about the latest news & updates in cybersecurity.","component":"Headernavitem","_editable":""},{"url":{"id":"58fb24b2-197b-40c9-b96c-917f20a5203c","url":"","linktype":"story","fieldtype":"multilink","cached_url":"media-coverage"},"_uid":"c5455cdc-c4aa-4a7c-a24e-5cb816ba10e3","icon":{"id":22191227,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/689424e016/media-coverage-icon.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Media Coverage","subtitle":"See Securin in the news.","component":"Headernavitem","_editable":""},{"url":{"id":"e9406dca-295b-4e76-8a13-3b057260fbf8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"zero-days"},"_uid":"cd0d1ab4-7b63-433d-b14a-d20dd2029925","icon":{"id":22191228,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/16276d1e46/zero-days-icon.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Zero Days","subtitle":"Zero days discovered by Securin as a CNA.","component":"Headernavitem","_editable":""},{"url":{"id":"f8a9fdba-9a79-4683-b055-196f6972b35f","url":"","linktype":"story","fieldtype":"multilink","cached_url":"ai-research-and-development"},"_uid":"cf2db2da-1796-4a63-9172-45e2fa707f4e","icon":{"id":23128701,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/100x100/98f24a7a21/ai-icon.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"AI R&D","subtitle":"Transforming AI security","component":"Headernavitem","_editable":""},{"url":{"id":"294fda8c-1175-4451-a050-4bd6a905b4d5","url":"","linktype":"story","fieldtype":"multilink","cached_url":"glossary"},"_uid":"9ff4140b-e81b-4e52-98c2-acd88945ac3f","icon":{"id":119355095319110,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/140x140/2b0bf16205/whatsapp-image-2025-12-03-at-5-47-53-pm.jpeg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Glossary","subtitle":"Your essential cybersecurity glossary.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""},{"_uid":"4c1f8557-0141-4730-8f9f-53d1afccd253","name":"About Us","title":"About Us","Navitems":[{"url":{"id":"d50c67b9-5e79-4b73-b17e-64b2b62cd1c8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"overview"},"_uid":"ab8f54f9-4c47-47bd-8b3e-968740897e02","icon":{"id":21448402,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/105x105/9c403d1155/who-we-are.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Who We Are","subtitle":"Get to know us better!","component":"Headernavitem","_editable":""},{"url":{"id":"","url":"https://careers.securin.io/jobs/Careers","target":"_blank","linktype":"url","fieldtype":"multilink","cached_url":"https://careers.securin.io/jobs/Careers"},"_uid":"eaec0e73-d5ad-4a34-b535-54c2f6f45d70","icon":{"id":21448419,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/105x105/37c7256d56/career.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Careers","subtitle":"Come work with us.","component":"Headernavitem","_editable":""},{"url":{"id":"2de96d0f-a87b-4413-844a-afdc684462ee","url":"","linktype":"story","fieldtype":"multilink","cached_url":"patents"},"_uid":"99148571-68ba-4af3-a2b5-28df368679c5","icon":{"id":22748194,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/312x385/be4d582b51/securin-patent-1.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Patents","subtitle":"Our innovative cybersecurity patents .","component":"Headernavitem","_editable":""},{"url":{"id":"459c627c-58d2-4d3b-9041-a2c79e1452c9","url":"","linktype":"story","fieldtype":"multilink","cached_url":"contact-us"},"_uid":"60f08250-27e1-4de0-b251-a4e241d593fa","icon":{"id":21448457,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/105x105/1cdadd4651/let-s-chat.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Let's Chat","subtitle":"Connect with our experts.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""}],"_uid":"2cf86c8f-c4a6-4a06-b37e-514864bee646","component":"GlobalNav","_editable":""}],"component":"Global","_editable":""},"slug":"navigation","full_slug":"global/navigation","sort_by_date":null,"position":-10,"tag_list":[],"is_startpage":false,"parent_id":128350878718819,"meta_data":null,"group_id":"7eece501-7a27-4c71-8033-d7a2ec2f9b6e","first_published_at":"2025-03-05T13:02:52.985Z","release_id":null,"lang":"default","path":null,"alternates":[],"default_full_slug":null,"translated_slugs":null,"_stopResolving":true}],"_editable":""},{"_uid":"806a061f-8c6a-4e76-a304-af973b8af6b0","lead":"CVE-2019-20440","image":{"id":22297367,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/382x407/d86ed94b86/low.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"heading":"Securin Zero-Days","component":"Zero Days Hero","subheading":"Multiple Reflected Cross-site Scripting in WSO2","published_date":"2019-07-06 18:51","publisher_icon":{"id":22221519,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/1200x1200/8a517267be/wso2.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"_editable":""},{"_uid":"0d770317-59d6-43e5-8788-ba78d171568e","component":"Zero Days Table","TableColumn":[{"_uid":"a25557b9-165d-4112-bf09-32ed0f8d1e42","lead":"WSO2","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Vendor","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"50ee0394-b48c-47d5-9b41-228354a9849b","lead":"WSO2 API Manager\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Affected Product","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"40105dfa-9801-4fc4-ae18-82c9bf7fa40f","lead":"CVE-2019-20440\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"CVE","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"ee77fdf5-489a-448e-8a8e-db9609e84050","lead":"2019-CSW-01-1021\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Securin ID","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"f6141e15-7269-43d7-9243-7a27ed9b1ecd","lead":"Fixed","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Status","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"af1bb479-00e0-48ac-a88a-94f10ab9bb9d","lead":"July 6, 2019\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Date","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""}],"_editable":""},{"_uid":"36698a31-a1f6-4d14-98e2-35dc4102085d","content":{"type":"doc","content":[{"type":"heading","attrs":{"level":3},"content":[{"text":"Description","type":"text","marks":[{"type":"bold"}]}]},{"type":"paragraph","content":[{"text":"Multiple Reflected Cross-Site Scripting (XSS) vulnerability exists in WSO2 API Manager Product 2.6.0 in the update API documentation feature of the API Publisher. A reflected cross-site script (XSS) vulnerability allows an attacker to inject malicious code into the application. An input variable vulnerable to reflected XSS is ‘docName,’ ‘version’ and ‘apiName’ in the APIs page.","type":"text","marks":[{"type":"textStyle","attrs":{"color":"#000000"}}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Proof of Concept (POC):","type":"text","marks":[{"type":"bold"}]}]},{"type":"paragraph","content":[{"text":"The following vulnerability was tested on the WSO2 API Manager version 2.6.0 Product.","type":"text"}]},{"type":"paragraph","content":[{"text":"Issue 01: Multiple Reflected Cross-Site Scripting.","type":"text"}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22308392,"alt":"","src":"https://a.storyblok.com/f/313778/949x446/7dda021fab/figure-1-update-the-existing-document-information-created-here-api-name-is-reflected-xss.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure 01: Update the existing document information created. (here API Name is ‘reflected XSS’).","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22308389,"alt":"","src":"https://a.storyblok.com/f/313778/624x523/753455504f/figure-2-add-xss-payload-to-the-variable-docname.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure 02: Add XSS payload to the variable “docName.”","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22308390,"alt":"","src":"https://a.storyblok.com/f/313778/875x295/1df92c46db/figure-3-http-response-for-the-modified-docname-variable-with-xss-payload.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":" Figure 03: “HTTP Response for the modified “docName” variable with XSS payload.”","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22308391,"alt":"","src":"https://a.storyblok.com/f/313778/853x487/c5e9937746/figure-4-injected-xss-payload-_script_alert-document-cookie-_script_-gets-reflected-in-the-browser-response.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure 04: Injected XSS payload, “> gets reflected in the browser response.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"text":"Issue 02 & 03:","type":"text"}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22308394,"alt":"","src":"https://a.storyblok.com/f/313778/1084x402/6b79be686e/figure-5-injected-xss-payload-in-variable-docname-version-and-apiname-gets-reflected-in-the-response.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure 05: Injected XSS payload in variable docName, version, and apiName gets reflected in the response.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22308393,"alt":"","src":"https://a.storyblok.com/f/313778/1013x664/228aba276d/figure-6-injected-payload-gets-reflected-in-the-browser-three-times-three-places.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure 06: Injected payload gets reflected in the browser THREE times (THREE places).","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22308395,"alt":"","src":"https://a.storyblok.com/f/313778/1018x636/9dc47b6a77/figure-7-page-looks-after-executing-the-injected-xss-payload.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure 07: Page Looks after executing the injected XSS payload.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Impact","type":"text","marks":[{"type":"bold"}]}]},{"type":"paragraph","content":[{"text":"Through an XSS attack, the attacker can make the browser redirect to a malicious website. Unauthorized actions such as changing the UI of the web page, retrieving information from the browser are possible. But since all session-related sensitive cookies are set with httpOnly flat and protected, session hijacking or mounting a similar attack would not be possible.","type":"text","marks":[{"type":"textStyle","attrs":{"color":"#000000"}}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Remediations","type":"text","marks":[{"type":"bold"}]}]},{"type":"paragraph","content":[{"text":"Download the following patch based on your product version.","type":"text"}]},{"type":"table","content":[{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"backgroundColor":null},"content":[{"type":"paragraph","content":[{"text":"Code","type":"text","marks":[{"type":"bold"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"backgroundColor":null},"content":[{"type":"paragraph","content":[{"text":"Product","type":"text","marks":[{"type":"bold"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"backgroundColor":null},"content":[{"type":"paragraph","content":[{"text":"Version","type":"text","marks":[{"type":"bold"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"backgroundColor":null},"content":[{"type":"paragraph","content":[{"text":"Patch","type":"text","marks":[{"type":"bold"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"backgroundColor":null},"content":[{"type":"paragraph","content":[{"text":"AM","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"backgroundColor":null},"content":[{"type":"paragraph","content":[{"text":" WSO2 API Manager","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"backgroundColor":null},"content":[{"type":"paragraph","content":[{"text":"2.6.0","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"backgroundColor":null},"content":[{"type":"paragraph","content":[{"text":"WSO2-CARBON-PATCH-4.4.0-5183","type":"text","marks":[{"type":"link","attrs":{"href":"https://web.archive.org/web/20250223035111/http://product-dist.wso2.com/downloads/carbon/wilkes/patch5183/WSO2-CARBON-PATCH-4.4.0-5183.zip","uuid":null,"anchor":null,"target":null,"linktype":"url"}},{"type":"bold"}]}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Timeline","type":"text","marks":[{"type":"bold"}]}]},{"type":"paragraph"}]},"component":"Zero Days Content","_editable":""},{"_uid":"d23431e6-b0c4-4b31-b8ef-7fc30f713473","component":"Timeline Content","TimelineItems":[{"_uid":"a880c229-3198-4aa2-ab58-4233b09bfa7c","lead":"Discovered in WSO2 API Manager v2.6.0.\n\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Jul 05, 2019","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"e96e3743-d5ac-44dc-9875-d87aaa6fd007","lead":"Reported to the intigriti platform.\n\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Jul 06, 2019","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"88f4261a-bbfc-4d1c-b625-0184fe61c4cf","lead":"Closed the issue in the intigriti platform as it was “out of scope.”\n\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Jul 23, 2019","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"dd97a73c-d444-4891-bbf1-9bee3f739929","lead":"Reported the vulnerability to WSO2.\n\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Jul 26, 2019","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"15e2898d-8680-4ad4-a55d-4c1ebc443275","lead":"WS02 acknowledged the report.\n\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Jul 29, 2019","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"c50ee569-8919-4f90-9133-5052df5c8d07","lead":"Fixing began in all affected versions.\n\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Aug 13, 2019","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"b43e8140-1dfc-42c9-9cf9-48c11d418fac","lead":"Public and customer announcement by the vendor about the vulnerability\n\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Oct 10, 2019","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""}],"_editable":""},{"_uid":"7f1fa798-d559-4e8d-acba-4b5158cf64f2","icon":{"id":22108202,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/54x69/75ce3828b1/zerodaysfc.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"text":"Let Securin level up your security posture!","component":"Zero Days Footer CTA","buttonLink":{"id":"459c627c-58d2-4d3b-9041-a2c79e1452c9","url":"","linktype":"story","fieldtype":"multilink","cached_url":"contact-us"},"buttonText":"Start Now","_editable":""},{"_uid":"c80c46e2-704d-4662-b20a-4f2afeaf2950","component":"global_reference","reference":[{"name":"Footer","created_at":"2025-12-29T16:21:06.224Z","published_at":"2025-09-25T08:28:11.663Z","updated_at":"2025-12-29T16:21:06.224Z","id":128350888873002,"uuid":"dab2b928-0fc3-4089-80b3-767d414eae87","content":{"_uid":"78c16d78-9604-4304-8964-fb9c971cec17","global":[{"_uid":"c38a57d1-6019-4662-ac0d-4ff9dc3d2700","items":[{"_uid":"1321a724-b4f0-4637-b2d7-4d958f76bcb7","text":"Securin helps leaders continuously improve their security posture. We work as an extension of your team to better protect your organization.","image":{"id":21111115,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/196x43/202124087b/securinlogo.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"FooterColumn1","sociallinks":[{"url":{"id":"","url":"https://www.facebook.com/securininc/","linktype":"url","fieldtype":"multilink","cached_url":"https://www.facebook.com/securininc/"},"_uid":"483fbfd4-d5de-4cfc-930a-99ad920c9b51","image":{"id":21111123,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/31d436da9a/facebook.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""},{"url":{"id":"","url":"https://www.linkedin.com/company/securin-inc","linktype":"url","fieldtype":"multilink","cached_url":"https://www.linkedin.com/company/securin-inc"},"_uid":"fd906267-1e23-41b9-8453-c00359787bc4","image":{"id":21111126,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/d1c9e6c6b2/linkedin.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""},{"url":{"id":"","url":"https://x.com/securin_inc","linktype":"url","fieldtype":"multilink","cached_url":"https://x.com/securin_inc"},"_uid":"023d62af-458f-4af0-b057-c421664bc550","image":{"id":21111125,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/7fa2bcc6d1/x.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""},{"url":{"id":"","url":"https://www.youtube.com/channel/UCUbeF1KnED2KR87b74moVng","linktype":"url","fieldtype":"multilink","cached_url":"https://www.youtube.com/channel/UCUbeF1KnED2KR87b74moVng"},"_uid":"27bc3da1-b1bf-452b-899b-f726e0573785","image":{"id":21111124,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/5bab65fc1e/yt.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""},{"url":{"id":"","url":"https://www.instagram.com/securininc/","linktype":"url","fieldtype":"multilink","cached_url":"https://www.instagram.com/securininc/"},"_uid":"bca52616-0b28-48b1-9ff5-78da89049b91","image":{"id":21111122,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/e2b9a06f92/instagram.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""}],"_editable":""},{"_uid":"0550b47c-24a0-4335-a246-a44b5447a111","email":"info@securin.io","phone":"+1 844-391-2089","title":"Contact Us","address":"2440 Louisiana Blvd NE #560, Albuquerque, NM 87110","component":"FooterColumn2","_editable":""},{"_uid":"4261e9fd-90be-43ba-989c-b18bf214df1a","Title":"Solutions","component":"FooterGenericItem","FooterLinks":[{"url":{"id":"5ba4d0b3-4dad-41b8-bbc3-6b1183a20287","url":"","linktype":"story","fieldtype":"multilink","cached_url":"attack-surface-management"},"_uid":"4b5af435-681f-4ddf-a514-d42f5b500594","text":"Attack Surface Management","component":"FooterLink","_editable":""},{"url":{"id":"14293fda-cbfc-4292-889b-ac1fe826e69d","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-intelligence"},"_uid":"05012d2c-7e65-4796-abfe-cec840dcec79","text":"Vulnerability Intelligence","component":"FooterLink","_editable":""},{"url":{"id":"1fe67f71-dca0-4ae7-8086-45424812c7c2","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-management"},"_uid":"0c3f0709-675a-401a-b6aa-cdddae9f88de","text":"Vulnerability Management","component":"FooterLink","_editable":""},{"url":{"id":"9385496e-0e96-409c-a551-1be788461163","url":"","linktype":"story","fieldtype":"multilink","cached_url":"penetration-testing"},"_uid":"a11c509a-3975-4115-9b5b-17fad5298c18","text":"Penetration Testing","component":"FooterLink","_editable":""}],"_editable":""},{"_uid":"9bdee094-39b9-4230-8c02-a2bfb41f6f2e","Title":"Resources","component":"FooterGenericItem","FooterLinks":[{"url":{"id":"","url":"https://www.securin.io/articles","linktype":"url","fieldtype":"multilink","cached_url":"https://www.securin.io/articles"},"_uid":"3d29a8a0-0be1-4d0e-891e-6c1e17171484","text":"Articles","component":"FooterLink","_editable":""},{"url":{"id":"db92bf62-b3aa-4767-8c4d-f8e6a6588af8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"reports"},"_uid":"0e1baf58-1d99-4a31-b715-20c0014c0c7f","text":"Reports","component":"FooterLink","_editable":""},{"url":{"id":"71481572-d542-499b-ba96-cf7eb6530c95","url":"","linktype":"story","fieldtype":"multilink","cached_url":"press-releases"},"_uid":"c7cc1a4b-a94e-4152-89f8-9de0b70693b8","text":"Press Releases","component":"FooterLink","_editable":""},{"url":{"id":"58fb24b2-197b-40c9-b96c-917f20a5203c","url":"","linktype":"story","fieldtype":"multilink","cached_url":"media-coverage"},"_uid":"05496d03-da7f-4506-96b9-5cecdb65a5ad","text":"Media Coverage","component":"FooterLink","_editable":""},{"url":{"id":"e9406dca-295b-4e76-8a13-3b057260fbf8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"zero-days"},"_uid":"ecbd6fa6-92c0-4bc0-842a-93703b0447a4","text":"Zero Days","component":"FooterLink","_editable":""},{"url":{"id":"f8a9fdba-9a79-4683-b055-196f6972b35f","url":"","linktype":"story","fieldtype":"multilink","cached_url":"ai-research-and-development"},"_uid":"bfa230aa-d0e3-461b-b426-e6630fdc0c69","text":"AI R&D","component":"FooterLink","_editable":""}],"_editable":""},{"_uid":"fee5eb9a-d971-4764-b21c-bc91df2b059c","Title":"Company","component":"FooterGenericItem","FooterLinks":[{"url":{"id":"d50c67b9-5e79-4b73-b17e-64b2b62cd1c8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"overview"},"_uid":"4d9f8089-31c1-4a0b-884c-f3f95e198df7","text":"Who We Are","component":"FooterLink","_editable":""},{"url":{"id":"b50e02db-acf6-421f-9818-eeb29d991537","url":"","linktype":"story","fieldtype":"multilink","cached_url":"careers"},"_uid":"77b87ac9-8c7a-448a-96ee-4a92183f9792","text":"Careers","component":"FooterLink","_editable":""}],"_editable":""},{"_uid":"e387cd83-c5ac-49d4-92ce-e9e9bcce9e7e","links":[{"url":{"id":"7fc51f60-331b-42d5-bb41-4b190aca7e66","url":"","linktype":"story","fieldtype":"multilink","cached_url":"privacy-policy"},"_uid":"b6e10f1b-9d8b-419c-9ce2-e5a621144105","text":"Privacy Policy","component":"FooterLink","_editable":""},{"url":{"id":"b30581f8-32a0-467a-a935-eda15bf6d9e9","url":"","linktype":"story","fieldtype":"multilink","cached_url":"customer-agreements"},"_uid":"3346f5e4-a947-44e0-9ed7-c4ff38a42e30","text":"Customer Agreements","component":"FooterLink","_editable":""},{"url":{"id":"","url":"","linktype":"story","fieldtype":"multilink","cached_url":""},"_uid":"718dc509-b52a-4050-a565-2ed72524f0ff","text":"Sitemap","component":"FooterLink","_editable":""}],"component":"FooterBottom","copyright":"© Copyright 2025 Securin. All Rights Reserved.","_editable":""}],"component":"GlobalFooter","FooterBottom":[{"_uid":"c31edcc5-d2cb-4d2c-b4d6-c91225c9cee8","links":[{"url":{"id":"7fc51f60-331b-42d5-bb41-4b190aca7e66","url":"","linktype":"story","fieldtype":"multilink","cached_url":"privacy-policy"},"_uid":"aa9fd59a-54a5-4be0-881e-566b063eea06","text":"Privacy Policy","component":"FooterLink","_editable":""},{"url":{"id":"b30581f8-32a0-467a-a935-eda15bf6d9e9","url":"","linktype":"story","fieldtype":"multilink","cached_url":"customer-agreements"},"_uid":"b1904ce9-2542-4525-8c04-9c3576c62afa","text":"Customer Agreements","component":"FooterLink","_editable":""}],"component":"FooterBottom","copyright":"© Copyright 2025 Securin. All Rights Reserved.","_editable":""}],"_editable":""}],"component":"Global","_editable":""},"slug":"footer","full_slug":"global/footer","sort_by_date":null,"position":0,"tag_list":[],"is_startpage":false,"parent_id":128350878718819,"meta_data":null,"group_id":"f7518288-834a-4090-94b8-8ef3b2143a8c","first_published_at":"2025-02-26T08:19:02.299Z","release_id":null,"lang":"default","path":null,"alternates":[],"default_full_slug":null,"translated_slugs":null,"_stopResolving":true}],"_editable":""}],"component":"page","datasheet":{"id":"","url":"","linktype":"story","fieldtype":"multilink","cached_url":""},"metafields":{"_uid":"b0337aeb-a0cb-4d33-a404-50b260abfbed","title":"CVE-2019-20440: Reflected XSS in WSO2 API Manager 2.6.0","plugin":"seo_metatags","og_image":"https://a.storyblok.com/f/313778/1200x1200/1ff571cfe8/securin-thumb.jpg","og_title":"CVE-2019-20440: Reflected XSS in WSO2 API Manager 2.6.0","description":"Securin reports CVE-2019-20440—a reflected XSS flaw in WSO2 API Manager 2.6.0's API Publisher. Learn about the vulnerability, its impact, and mitigation steps.","twitter_image":"","twitter_title":"CVE-2019-20440: Reflected XSS in WSO2 API Manager 2.6.0","og_description":"Securin reports CVE-2019-20440—a reflected XSS flaw in WSO2 API Manager 2.6.0's API Publisher. Learn about the vulnerability, its impact, and mitigation steps.","twitter_description":"Securin reports CVE-2019-20440—a reflected XSS flaw in WSO2 API Manager 2.6.0's API Publisher. Learn about the vulnerability, its impact, and mitigation steps."},"_editable":""}}]}]