Vulnerabilities in WSO2

63 results
CVE-2025-9312 | CRITICAL | Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products | EPSS 0.2%
CVE-2025-0209 | MEDIUM | Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server Account Registration Flow | EPSS 0.2%
CVE-2024-5848 | MEDIUM | Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products Due to Improper Input Validation | EPSS 0.2%
CVE-2024-5962 | MEDIUM | Reflected Cross-Site Scripting (XSS) in Authentication Endpoint of Multiple WSO2 Products Due to Missing Output Encoding | EPSS 0.2%
CVE-2025-0672 | LOW | Authentication Bypass in Multiple WSO2 Products via Stale FIDO Credential Association | EPSS 0.2%
CVE-2024-1440 | MEDIUM | Open Redirection in Multiple WSO2 Products via Multi-Option Authentication Endpoint | EPSS 0.2%
CVE-2024-6429 | MEDIUM | Content Spoofing in Multiple WSO2 Products via Error Message Injection | EPSS 0.2%
CVE-2024-4867 | MEDIUM | Cross-Site Scripting via Developer Portal in WSO2 API Manager Enables UI Modification and Information Retrieval | EPSS 0.2%
CVE-2025-6670 | HIGH | Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services | EPSS 0.2%
CVE-2025-9955 | MEDIUM | Improper Access Control in WSO2 Enterprise Integrator Product via SOAP Admin Services for Logs and User-Store Configuration | EPSS 0.2%
CVE-2024-7073 | MEDIUM | Unauthenticated Server-Side Request Forgery (SSRF) in Multiple WSO2 Products via SOAP Admin Services | EPSS 0.2%
CVE-2025-8154 | MEDIUM | HTTP Header Injection via Webhook API in Multiple WSO2 Products Allows Response Header Manipulation | EPSS 0.2%
CVE-2024-0391 | MEDIUM | Username Enumeration via Email OTP Flow in Multiple WSO2 Products Allows User Account Discovery | EPSS 0.2%
CVE-2024-7103 | MEDIUM | Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server 7.0.0 Sub-Organization Login Flow | EPSS 0.2%
CVE-2025-5770 | MEDIUM | Reflected Cross-Site Scripting (XSS) in Authentication Endpoints of Multiple WSO2 Products | EPSS 0.2%
CVE-2025-12624 | MEDIUM | Improper Token Invalidation in WSO2 Identity Server Allows Access After Account Lock | EPSS 0.2%
CVE-2025-8325 | MEDIUM | Improper Access Control via Gateway API in Multiple WSO2 Products Allows Unauthorized Operations | EPSS 0.2%
CVE-2024-3511 | MEDIUM | Incorrect Authorization in Multiple WSO2 Products Allows Unauthorized Access to Registry Versioned Files | EPSS 0.2%
CVE-2025-4760 | MEDIUM | Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher | EPSS 0.2%
CVE-2025-10503 | MEDIUM | Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 Identity Server | EPSS 0.2%