CVE-2025-4760

An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...

CVE-2025-4760

An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...

CVE-2025-4760

An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...

CVE-2025-4760

CVE-2025-4760 is an authenticated stored XSS vulnerability in multiple WSO2 products, arising from improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript that...

CVE-2025-4760 Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher

An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...