50 matches found
CVE-2025-10853
A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...
EUVD-2025-37927
A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...
CVE-2025-5770
A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...
EUVD-2025-37921
A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...
CVE-2025-5770
WSO2: CVE-2025-5770 is a reflected XSS in authentication endpoints across multiple WSO2 products (e.g., Identity Server, API Manager, API Control Plane) caused by insufficient output encoding. The vulnerability allows a malicious actor to inject JavaScript that is reflected in responses, enabling...
PT-2025-45157
Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A reflected cross-site scripting XSS issue exists in the authentication endpoints of WSO2 products because of insufficient output encoding. An attacker can inject JavaScript payloads in...
PT-2025-45160
Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A reflected cross-site scripting XSS issue exists in the management console of multiple WSO2 products because of improper output encoding. A malicious actor can inject arbitrary...
EUVD-2025-30914
Malicious code in bioql PyPI...
CVE-2025-0209
A reflected cross-site scripting XSS vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. A malicious actor can exploit this vulnerability by injecting a crafted payload that is reflected in the server response, enabling the execution of...
CVE-2025-4760
An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...
CVE-2025-0209
A reflected cross-site scripting XSS vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. A malicious actor can exploit this vulnerability by injecting a crafted payload that is reflected in the server response, enabling the execution of...
CVE-2025-0209 Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server Account Registration Flow
A reflected cross-site scripting XSS vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. A malicious actor can exploit this vulnerability by injecting a crafted payload that is reflected in the server response, enabling the execution of...
CVE-2025-0209
CVE-2025-0209 describes a reflected cross-site scripting (XSS) vulnerability in the account registration flow of WSO2 Identity Server caused by improper output encoding. The issue allows an attacker to inject a crafted payload that is reflected in the server response, leading to potential executi...
PT-2025-39183
Name of the Vulnerable Software and Affected Versions WSO2 Identity Server affected versions not specified Description A reflected cross-site scripting XSS issue exists in the account registration process. This is due to improper output encoding, allowing a malicious actor to inject a crafted...
Linux Distros Unpatched Vulnerability : CVE-2016-9848
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. phpinfo phpinfo.php shows PHP information including values of HttpOnly cookies. All 4.6.x versions prior to 4.6.5, 4.4.x...
Cross-site Scripting (XSS)
Overview org.wso2.carbon.identity.framework:org.wso2.carbon.identity.user.store.configuration.ui is an User Store UI component for WSO2 Carbon Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insufficient output encoding in error messages generated by the JDBC...
GHSA-XPXP-R8HF-WGF6 WSO2 products vulnerable to Cross-site Scripting
A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...
CVE-2024-41685
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable syste...
CVE-2024-36788
Netgear WNR614 JNR1010V2 N300-V1.1.0.541.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices...
GHSA-F5PP-PMQ8-GP46 Passbolt Api Retrieval of HTTP-only cookies
Passbolt uses three cookies: a session cookie, a CSRF protection cookie and a cookie to keep track of the multiple-factor authentication process. Both the session cookie and the mfa cookie are properly set HTTP-only to prevent an attacker from retrieving the content of those cookies if they manag...