First published: Mon Jan 27 2020(Updated: )
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
WSO2 API Manager | =2.6.0 | |
WSO2 Enterprise Integrator | =6.5.0 | |
WSO2 Identity Server | =5.7.0 | |
WSO2 Identity Server | =5.8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-20443 is medium.
CVE-2019-20443 affects WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0.
The potential vulnerability in CVE-2019-20443 is a stored Cross-Site Scripting (XSS) vulnerability in the registry UI.
To fix CVE-2019-20443, update WSO2 API Manager, WSO2 Enterprise Integrator, WSO2 IS as Key Manager, and WSO2 Identity Server to the latest versions.
Yes, you can find additional information about CVE-2019-20443 at the following references: [link1], [link2], [link3].