216.73.216.86

CVE-2024-5962

· Published 22/05/2025 20:15 · Modified 23/05/2025 15:54

Labels: CVE-2024-5962 2025-05-22CVE-2024-5962CWE-79ed10eef1-636d-4fbe-9993-6890dfa878f8

Essential information

Published
22/05/2025 20:15
Modified
23/05/2025 15:54
Author
Creator
CVSS
6.1 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leading to UI modifications, redirections to malicious websites, or data exfiltration from the browser. While this issue could allow an attacker to manipulate the user’s browser, session-related sensitive cookies remain protected with the httpOnly flag, preventing session hijacking.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
ed10eef1-636d-4fbe-9993-6890dfa878f8
NVD
View on NVD

Affected products (CPE)

ProductCPE
wso2 / wso2 cpe:2.3:a:wso2:wso2:*:*:*:*:*:*:*:*

References