First published: Mon Mar 18 2019
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WSO2 API Manager | =2.6.0 | |
| WSO2 Identity Server | =5.7.0 | |
| WSO2 Identity Server as Key Manager | =5.7.0 | |
CVE-2018-20737 is a vulnerability discovered in WSO2 API Manager 2.1.0 and 2.6.0 that allows for reflected XSS attacks in the carbon part of the product.
The severity of CVE-2018-20737 is medium with a CVSSv3 score of 5.4.
WSO2 API Manager 2.6.0, WSO2 Identity Server 5.7.0, and WSO2 Identity Server as Key Manager 5.7.0 are affected by CVE-2018-20737.
To fix CVE-2018-20737, it is recommended to apply the security patch released by WSO2.
More information about CVE-2018-20737 can be found in the following references: [GitHub](https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/978/files), [WSO2 Security Patch Releases](https://wso2.com/security-patch-releases/api-manager), [Excellium Services](https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20737/).