
WSO2 Enterprise Integrator vulnerabilities

32 known vulnerabilities affecting wso2/enterprise_integrator.

Total CVEs: 32
CISA KEV: 1 (actively exploited)
Public exploits: 6
Exploited in wild: 3
Severity breakdown: CRITICAL 2, HIGH 9, MEDIUM 21

Vulnerabilities

Page 2 of 2
CVE-2020-24704 | P4 | MEDIUM | CVSS 6.1 | ≤ 6.6.0 | 2020-08-27
CVE-2020-24704 [MEDIUM] CWE-79: An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 a
nvd
CVE-2025-10853 | P4 | MEDIUM | CVSS 6.1 | v6.6.0 | 2025-11-05
CVE-2025-10853 [MEDIUM] CWE-79: A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful exploitation could result in UI manipulation, redirection to
nvd
CVE-2024-0392 | P4 | MEDIUM | CVSS 5.4 | v6.6.0 | 2025-02-27
CVE-2024-0392 [MEDIUM] CWE-352: A Cross-Site Request Forgery (CSRF) vulnerability exists in the management console of WSO2 Enterprise Integrator 6.6.0 due to the absence of CSRF token validation. This flaw allows attackers to craft malicious requests that can trigger state-changing operations on behalf of an authenticated user, potentially compromising account settings and data inte
nvd
CVE-2022-39809 | P4 | MEDIUM | CVSS 6.1 | v6.4.0 | 2022-09-09
CVE-2022-39809 [MEDIUM] CWE-79: An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/mediation_secure_vault/properties/ajaxprocessor.jsp via the name parameter. Session hijacking or similar attacks would not be possible.
nvd
CVE-2020-25516 | P4 | MEDIUM | CVSS 5.4 | ≤ 6.6.0 | 2020-10-29
CVE-2020-25516 [MEDIUM] CWE-79: WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks.
nvd
CVE-2019-19587 | P4 | MEDIUM | CVSS 6.1 | v6.5.0 | 2019-12-05
CVE-2019-19587 [MEDIUM] CWE-79: In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console.
nvd
CVE-2024-8008 | P4 | MEDIUM | CVSS 5.2 | v6.6.0 | 2025-06-02
CVE-2024-8008 [MEDIUM] CWE-79: A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser to execute arbitrary JavaScript in the context of the v
nvd
CVE-2024-3511 | P4 | MEDIUM | CVSS 4.3 | v6.6.0 | 2025-06-23
CVE-2024-3511 [MEDIUM] CWE-863: An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization. Successful exploi
nvd
CVE-2019-20443 | P4 | MEDIUM | CVSS 4.8 | v6.5.0 | 2020-01-28
CVE-2019-20443 [MEDIUM] CWE-79: An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI.
nvd
CVE-2019-20442 | P4 | MEDIUM | CVSS 4.8 | v6.5.0 | 2020-01-28
CVE-2019-20442 [MEDIUM] CWE-79: An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI.
nvd
CVE-2023-6911 | P4 | MEDIUM | CVSS 4.8 | v6.1.0, v6.1.1, +5 more | 2023-12-18
CVE-2023-6911 [MEDIUM] CWE-79: Multiple WSO2 products have been identified as vulnerable due to improper output encoding; a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.
nvd
CVE-2024-3509 | P4 | MEDIUM | CVSS 4.3 | v6.6.0 | 2025-06-02
CVE-2024-3509 [MEDIUM] CWE-79: A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative access to the Management Console. If successful, the act
nvd