CVE-2024-5962

EPSS 0.05%
Published 22.05.2025 19:34:05
Last modified 06.10.2025 13:57:57
Source ed10eef1-636d-4fbe-9993-6890df
Teams watchlist Login
Open Login

A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leading to UI modifications, redirections to malicious websites, or data exfiltration from the browser.

While this issue could allow an attacker to manipulate the user’s browser, session-related sensitive cookies remain protected with the httpOnly flag, preventing session hijacking.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Wso2 ≫ Api Manager Version4.2.0 Update-

Wso2 ≫ Api Manager Version4.3.0 Update-

Wso2 ≫ Identity Server Version6.0.0 Update-

Wso2 ≫ Identity Server Version6.1.0 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.158

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
ed10eef1-636d-4fbe-9993-6890dfa878f8	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3443/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-5962

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-5962

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-5962

EUVD