{"id":7800,"date":"2019-07-02T20:19:28","date_gmt":"2019-07-03T03:19:28","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=zerodays&#038;p=7800"},"modified":"2023-02-14T18:27:28","modified_gmt":"2023-02-15T01:27:28","slug":"cve-2019-20442-wso2","status":"publish","type":"zerodays","link":"https:\/\/10.42.32.162\/zerodays\/cve-2019-20442-wso2\/","title":{"rendered":"CVE-2019-20442 &#8211; Stored Cross-Site Scripting in WSO2"},"content":{"rendered":"<p>An issue was discovered on WSO2 API Manager before 5.7.0 in the registry UI. A stored cross-site script (XSS) vulnerability allows an attacker to inject malicious code into the application and stored in the server. An input variable was vulnerable to stored XSS is &#8216;roleToAuthorize&#8217; on the browser page.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>*Affected Products:<\/strong> WSO2 API Manager, WSO2 API Manager Analytics, WSO2 IS as Key Manager, WSO2 IS as Key Manager, WSO2 Identity Server, WSO2 Identity Server Analytics<\/p>\n","protected":false},"featured_media":7776,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays\/7800"}],"collection":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays"}],"about":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/types\/zerodays"}],"version-history":[{"count":6,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays\/7800\/revisions"}],"predecessor-version":[{"id":7802,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays\/7800\/revisions\/7802"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media\/7776"}],"wp:attachment":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media?parent=7800"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}