3 matches found
WSO2 - Server Side Request Forgery
WSO2 products contain SSRF and reflected XSS vulnerabilities in the deprecated Try-It feature accessible only to administrative users, caused by improper URL validation and direct content reflection, letting attackers trick admins into executing arbitrary JavaScript and querying internal services...
CVE-2025-5350
CVE-2025-5350 affects WSO2 products via the deprecated Try-It feature. The vulnerability is caused by insufficient validation of user-supplied URLs, enabling SSRF and reflected XSS in the admin context when an administrator is tricked into visiting a crafted link. The SSRF could reach internal se...
CVE-2025-5350 SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products
SSRF and reflected XSS vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side request forgery (SSRF). Additionally, the...