Lucene search
+L

50 matches found

NVD
NVD
added 2025/11/05 8:15 p.m.9 views

CVE-2025-10853

A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

6.1CVSS0.00177EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/05 7:21 p.m.6 views

EUVD-2025-37927

A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

5.2CVSS5.3AI score0.00177EPSS
Exploits0References3
NVD
NVD
added 2025/11/05 7:16 p.m.16 views

CVE-2025-5770

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...

6.1CVSS0.00202EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/05 7:2 p.m.12 views

EUVD-2025-37921

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...

6.1CVSS5.6AI score0.00202EPSS
Exploits0References3
CVE
CVE
added 2025/11/05 7:2 p.m.34 views

CVE-2025-5770

WSO2: CVE-2025-5770 is a reflected XSS in authentication endpoints across multiple WSO2 products (e.g., Identity Server, API Manager, API Control Plane) caused by insufficient output encoding. The vulnerability allows a malicious actor to inject JavaScript that is reflected in responses, enabling...

6.1CVSS5.7AI score0.00202EPSS
Exploits0References1Affected Software3
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.6 views

PT-2025-45157

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A reflected cross-site scripting XSS issue exists in the authentication endpoints of WSO2 products because of insufficient output encoding. An attacker can inject JavaScript payloads in...

6.1CVSS5.7AI score0.00202EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.17 views

PT-2025-45160

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A reflected cross-site scripting XSS issue exists in the management console of multiple WSO2 products because of improper output encoding. A malicious actor can inject arbitrary...

6.1CVSS5.5AI score0.00177EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-30914

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00218EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/25 2:53 a.m.4 views

CVE-2025-0209

A reflected cross-site scripting XSS vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. A malicious actor can exploit this vulnerability by injecting a crafted payload that is reflected in the server response, enabling the execution of...

6.1CVSS5.7AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/25 2:53 a.m.4 views

CVE-2025-4760

An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...

4.8CVSS5.6AI score0.00173EPSS
Exploits0References1
NVD
NVD
added 2025/09/23 6:15 p.m.6 views

CVE-2025-0209

A reflected cross-site scripting XSS vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. A malicious actor can exploit this vulnerability by injecting a crafted payload that is reflected in the server response, enabling the execution of...

6.1CVSS0.00218EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/23 5:13 p.m.6 views

CVE-2025-0209 Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server Account Registration Flow

A reflected cross-site scripting XSS vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. A malicious actor can exploit this vulnerability by injecting a crafted payload that is reflected in the server response, enabling the execution of...

6.1CVSS5.4AI score0.00218EPSS
Exploits0References1
CVE
CVE
added 2025/09/23 5:13 p.m.27 views

CVE-2025-0209

CVE-2025-0209 describes a reflected cross-site scripting (XSS) vulnerability in the account registration flow of WSO2 Identity Server caused by improper output encoding. The issue allows an attacker to inject a crafted payload that is reflected in the server response, leading to potential executi...

6.1CVSS5.4AI score0.00218EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/23 12:0 a.m.7 views

PT-2025-39183

Name of the Vulnerable Software and Affected Versions WSO2 Identity Server affected versions not specified Description A reflected cross-site scripting XSS issue exists in the account registration process. This is due to improper output encoding, allowing a malicious actor to inject a crafted...

6.1CVSS5.6AI score0.00218EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2016-9848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. phpinfo phpinfo.php shows PHP information including values of HttpOnly cookies. All 4.6.x versions prior to 4.6.5, 4.4.x...

5.3CVSS6.2AI score0.01308EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/02 6:30 p.m.4 views

Cross-site Scripting (XSS)

Overview org.wso2.carbon.identity.framework:org.wso2.carbon.identity.user.store.configuration.ui is an User Store UI component for WSO2 Carbon Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insufficient output encoding in error messages generated by the JDBC...

6.1CVSS5.2AI score0.00452EPSS
Exploits0References2
OSV
OSV
added 2025/06/02 6:30 p.m.7 views

GHSA-XPXP-R8HF-WGF6 WSO2 products vulnerable to Cross-site Scripting

A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...

5.2CVSS6AI score0.00452EPSS
Exploits0References4
OSV
OSV
added 2024/07/26 12:15 p.m.3 views

CVE-2024-41685

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable syste...

7.5CVSS5.8AI score0.00497EPSS
Exploits0References2
OSV
OSV
added 2024/06/07 3:15 p.m.4 views

CVE-2024-36788

Netgear WNR614 JNR1010V2 N300-V1.1.0.541.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices...

4.8CVSS5.8AI score0.00268EPSS
Exploits1References1
OSV
OSV
added 2024/05/20 4:51 p.m.12 views

GHSA-F5PP-PMQ8-GP46 Passbolt Api Retrieval of HTTP-only cookies

Passbolt uses three cookies: a session cookie, a CSRF protection cookie and a cookie to keep track of the multiple-factor authentication process. Both the session cookie and the mfa cookie are properly set HTTP-only to prevent an attacker from retrieving the content of those cookies if they manag...

3.7CVSS6.4AI score
Exploits0References4
Rows per page
Query Builder