Lucene search
K

13 matches found

Nuclei
Nuclei
added 2026/02/04 7:0 a.m.15 views

WSO2 Management Console - Authentication Bypass

An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure. The known...

5.3CVSS6.5AI score0.00811EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/07 1:46 p.m.6 views

CVE-2025-10853

A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

6.1CVSS5.8AI score0.00177EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/05 7:21 p.m.5 views

EUVD-2025-37927

A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

5.2CVSS5.3AI score0.00177EPSS
Exploits0References3
NVD
NVD
added 2025/10/24 10:15 a.m.7 views

CVE-2025-5605

An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure. The known...

5.3CVSS0.00811EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/24 10:9 a.m.8 views

CVE-2025-5605 Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure

An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure. The known...

4.3CVSS0.00811EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/24 12:0 a.m.7 views

PT-2025-43610

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description An authentication bypass exists in the Management Console of WSO2 products. An attacker with access to the console can modify the request URI to circumvent authentication and access...

4.3CVSS6.3AI score0.00811EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/06/04 5:14 p.m.20 views

CVE-2024-3509

A stored cross-site scripting XSS vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative...

4.3CVSS5.8AI score0.00167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:13 p.m.12 views

CVE-2020-17453

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter...

6.1CVSS5.8AI score0.26118EPSS
Exploits2
VulnCheck KEV
VulnCheck KEV
added 2023/11/13 12:0 a.m.8 views

VulnCheck KEV: CVE-2020-17453

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter...

6.1CVSS6.4AI score0.26118EPSS
Exploits2References1
NVD
NVD
added 2021/04/05 10:15 p.m.40 views

CVE-2020-17453

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter...

6.1CVSS0.26118EPSS
Exploits2References3
Prion
Prion
added 2021/04/05 10:15 p.m.18 views

Design/Logic Flaw

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter...

4.3CVSS5.9AI score0.26118EPSS
Exploits2References3Affected Software8
CNNVD
CNNVD
added 2021/04/05 12:0 a.m.8 views

WSO2 Management Console 跨站脚本漏洞

WSO2 Management Console is an application from WSO2 USA, Inc. A management console. A cross-site scripting vulnerability exists in WSO2 Management Console through 5.10 that allows XSS via the carbon admin login.jsp msgId parameter...

6.1CVSS5.9AI score0.26118EPSS
Exploits2References3
Cvelist
Cvelist
added 2021/04/05 12:0 a.m.46 views

CVE-2020-17453

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter...

6AI score0.26118EPSS
Exploits2References3
Rows per page
Query Builder