CVE-2019-20442
- Source
- https://cve.org/CVERecord?id=CVE-2019-20442
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20442.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-20442
- Published
- 2020-01-28T00:15:10.930Z
- Modified
- 2026-03-14T09:37:07.781791Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI.
- References
Affected packages
Git / github.com/wso2/product-apim
Affected versions
test-tag-1.*
test-tag-1.9.0-Alpha
v1.*
v1.10.0
v1.10.0-Alpha
v1.10.0-Beta
v1.10.0-rc3
v1.10.0-rc4
v1.9.0
v1.9.0-Alpha
v1.9.0-Beta
v1.9.0-Beta-2
v1.9.0-Beta-3
v1.9.0-M2
v2.*
v2.0.0
v2.0.0-ALPHA
v2.0.0-BETA
v2.0.0-M1
v2.0.0-M2
v2.0.0-M3
v2.0.0-M4
v2.0.0-M5
v2.0.0-beta2
v2.0.0-rc1
v2.0.0-rc2
v2.0.0-rc3
v2.0.0-rc4
v2.0.0-rc5
v2.1.0-alpha
v2.1.0-update1
v2.1.0-update10
v2.1.0-update11
v2.1.0-update12
v2.1.0-update13
v2.1.0-update14
v2.1.0-update2
v2.1.0-update3
v2.1.0-update4
v2.1.0-update5
v2.1.0-update6
v2.1.0-update7
v2.1.0-update8
v2.1.0-update9
v2.2.0
v2.2.0-update1
v2.2.0-update2
v2.2.0-update3
v2.2.0-update4
v2.2.0-update5
v2.2.0-update6
v2.2.0-update7
v2.5.0
v2.5.0-Alpha
v2.5.0-Beta
v2.5.0-rc1
v2.5.0-rc2
v2.5.0-rc3
v2.5.0-rc4
v2.6.0
v2.6.0-alpha
v2.6.0-alpha2
v2.6.0-beta
v2.6.0-beta2
v2.6.0-m1
v2.6.0-m2
v2.6.0-rc1
v2.6.0-rc2
v2.6.0-rc3
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20442.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.5.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.8.0"
}
]
}
]