What the vulnerability does
01Description
An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.
CVSS base score
CVSS vector
CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:U/UI:R
What the vulnerability does
An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.
Key dates
External resources