{"id":7848,"date":"2019-06-29T21:00:12","date_gmt":"2019-06-30T04:00:12","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=zerodays&#038;p=7848"},"modified":"2023-02-14T18:28:26","modified_gmt":"2023-02-15T01:28:26","slug":"cve-2019-20437-wso2","status":"publish","type":"zerodays","link":"https:\/\/10.42.32.162\/zerodays\/cve-2019-20437-wso2\/","title":{"rendered":"CVE-2019-20437 &#8211; Stored Cross-Site Scripting in WSO2 Product"},"content":{"rendered":"<p style=\"text-align: justify;\">A vulnerability was discovered on WSO2 products in the management console. A stored cross-site script (XSS) vulnerability allows an attacker to execute the malicious code\u00a0if there is a claim dialect configured with an XSS payload in the dialect URI, if a user picks up the malicious dialect URI, and adds it as the service provider claim dialect while configuring the service provider.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>*Affected Products:<\/strong> WSO2 API Manager, WSO2 API Manager Analytics, WSO2 IS as Key Manager, WSO2 Identity Server, WSO2 Identity Server Analytics<\/p>\n","protected":false},"featured_media":7843,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays\/7848"}],"collection":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays"}],"about":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/types\/zerodays"}],"version-history":[{"count":4,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays\/7848\/revisions"}],"predecessor-version":[{"id":14037,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays\/7848\/revisions\/14037"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media\/7843"}],"wp:attachment":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media?parent=7848"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}