First published: Mon Jan 27 2020
An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of the API Publisher.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
WSO2 API Manager | =2.6.0 | |
The severity of CVE-2019-20439 is medium with a severity value of 4.8.
CVE-2019-20439 can potentially allow Reflected Cross-Site Scripting (XSS) attacks on WSO2 API Manager 2.6.0.
To fix CVE-2019-20439, it is recommended to apply the necessary patches or updates provided by WSO2 for API Manager.
You can find more information about CVE-2019-20439 on the following references: [Reference 1](https://cybersecurityworks.com/zerodays/cve-2019-20439-wso2.html), [Reference 2](https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0644), and [Reference 3](https://github.com/cybersecurityworks/Disclosed/issues/21).
The associated CWE for CVE-2019-20439 is CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')).