First published: Mon Jan 27 2020
An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
WSO2 API Manager | =2.6.0 | |
CVE-2019-20435 is a vulnerability discovered in WSO2 API Manager 2.6.0 that allows for a reflected XSS attack.
CVE-2019-20435 can be exploited by sending an HTTP GET request with a harmful 'docName' request parameter in the inline API documentation editor page of the API Publisher.
CVE-2019-20435 has a severity rating of medium with a CVSS score of 4.8.
To fix CVE-2019-20435 in WSO2 API Manager 2.6.0, apply the necessary patches and updates provided by WSO2 and follow their security advisory.
CWE-79 is the Common Weakness Enumeration (CWE) classification for Cross-Site Scripting (XSS) vulnerabilities.