{"id":"CVE-2018-20736","details":"An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product.","modified":"2026-04-10T04:10:04.894881Z","published":"2019-03-21T16:00:37.767Z","references":[{"type":"FIX","url":"https://github.com/wso2/carbon-apimgt/pull/5844/files"},{"type":"FIX","url":"https://wso2.com/security-patch-releases/api-manager"},{"type":"FIX","url":"https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20736/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wso2/product-apim","events":[{"introduced":"0"},{"last_affected":"a87463944acbc28f14c0af2a32dc30310147a0be"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.6.0"}]}}],"versions":["test-tag-1.9.0-Alpha","v1.9.0","v1.9.0-Alpha","v1.9.0-Beta","v1.9.0-Beta-2","v1.9.0-Beta-3","v1.9.0-M2","v2.0.0-ALPHA","v2.0.0-M4","v2.1.0-alpha","v2.1.0-update1","v2.1.0-update10","v2.1.0-update11","v2.1.0-update12","v2.1.0-update13","v2.1.0-update14","v2.1.0-update2","v2.1.0-update3","v2.1.0-update5","v2.1.0-update7","v2.1.0-update8","v2.1.0-update9","v2.2.0","v2.2.0-update1","v2.2.0-update2","v2.2.0-update3","v2.2.0-update4","v2.2.0-update5","v2.2.0-update6","v2.2.0-update7","v2.5.0","v2.5.0-Alpha","v2.5.0-Beta","v2.5.0-rc1","v2.5.0-rc2","v2.5.0-rc3","v2.5.0-rc4","v2.6.0","v2.6.0-alpha","v2.6.0-alpha2","v2.6.0-beta","v2.6.0-beta2","v2.6.0-m1","v2.6.0-m2","v2.6.0-rc1","v2.6.0-rc2","v2.6.0-rc3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20736.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}