Vulnerabilities in WSO2
63 results

CVE-2023-6836 | MEDIUM | Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely us | EPSS 0.5%
CVE-2023-6837 | HIGH | Incorrect Authorization in Multiple WSO2 Products via Federated Authentication with JIT Provisioning Leading to User Impersonation | EPSS 0.5%
CVE-2024-8008 | MEDIUM | Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation | EPSS 0.5%
CVE-2023-6838 | MEDIUM | Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both auth | EPSS 0.4%
CVE-2023-6911 | MEDIUM | Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be | EPSS 0.4%
CVE-2025-11093 | HIGH | Arbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS) | EPSS 0.4%
CVE-2025-10713 | MEDIUM | XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration | EPSS 0.4%
CVE-2024-2374 | HIGH | XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service | EPSS 0.4%
CVE-2025-9973 | MEDIUM | Authorization Bypass via Adaptive Authentication in WSO2 Identity Server Allows Cross-Organization Account Takeover | EPSS 0.4%
CVE-2025-10470 | HIGH | Denial-of-Service via Magic Link Authentication in WSO2 Identity Server Allows Service Unavailability | EPSS 0.3%
CVE-2024-4598 | MEDIUM | Information Disclosure in Multiple WSO2 Products Due to Improper Handling in Enrich Mediator | EPSS 0.3%
CVE-2024-7487 | MEDIUM | Improper Authentication in WSO2 Identity Server 7.0.0 Allows Bypass of App-Native Authentication | EPSS 0.3%
CVE-2024-8010 | LOW | XML External Entity Injection via Publisher in WSO2 API Manager Allows Reading Arbitrary Files | EPSS 0.3%
CVE-2024-1524 | HIGH | A local user can be impersonated when using federated authentication with Silent JIT Provisioning. | EPSS 0.3%
CVE-2024-10242 | MEDIUM | Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 API Manager Allows UI Modification and Redirection | EPSS 0.2%
CVE-2025-1396 | LOW | Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled | EPSS 0.2%
CVE-2025-10908 | HIGH | Account Lock Bypass via Magic Link or Pass Key Authentication in WSO2 Identity Server Allows Unauthorized Access | EPSS 0.2%
CVE-2025-6024 | MEDIUM | Cross-Site Scripting via Authentication Endpoint in Multiple WSO2 Products Allows Redirection to Malicious Websites | EPSS 0.2%
CVE-2025-0663 | MEDIUM | Potential cross-tenant account takeover vulnerability in Multiple WSO2 Products via Adaptive Authentication and Auto-Login | EPSS 0.2%
CVE-2024-2321 | MEDIUM | Incorrect Authorization in Multiple WSO2 Products Allows API Access via Refresh Token | EPSS 0.2%