wso2/product-apim

Releases283

Frequency2 weeks 8 hours

Last Release about 2 months ago

Stars986

Welcome to the WSO2 API Manager source code! For info on working with the WSO2 API Manager repository and contributing code, click the link below.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-31664 ↗	May 23, 2023Tuesday, 23 May 2023, 01:15	6.1 MEDIUM	—
A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter.
CVE-2020-13226 ↗	May 20, 2020Wednesday, 20 May 2020, 12:15	9.8 CRITICAL	7.5 HIGH
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet.