| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-0209 | Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server Account Registration Flow | WSO2 | WSO2 Identity Server | Medium | 6.1 | 2025-09-23 17:13:11 | Deep Dive |
| CVE-2025-0663 | Potential cross-tenant account takeover vulnerability in Multiple WSO2 Products via Adaptive Authentication and Auto-Login | WSO2 | WSO2 Open Banking IAM | Medium | 6.8 | 2025-09-23 16:58:07 | Deep Dive |
| CVE-2024-6429 | Content Spoofing in Multiple WSO2 Products via Error Message Injection | WSO2 | WSO2 Identity Server as Key Manager | Medium | 4.3 | 2025-09-23 16:37:58 | Deep Dive |
| CVE-2024-3511 | Incorrect Authorization in Multiple WSO2 Products Allows Unauthorized Access to Registry Versioned Files | WSO2 | WSO2 Enterprise Integrator | Medium | 4.3 | 2025-06-23 08:47:55 | Deep Dive |
| CVE-2024-1440 | Open Redirection in Multiple WSO2 Products via Multi-Option Authentication Endpoint | WSO2 | WSO2 Identity Server | Medium | 5.4 | 2025-06-02 16:51:17 | Deep Dive |
| CVE-2024-8008 | Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation | WSO2 | WSO2 Enterprise Integrator | Medium | 5.2 | 2025-06-02 16:48:12 | Deep Dive |
| CVE-2024-3509 | Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor | WSO2 | WSO2 Enterprise Integrator | Medium | 4.3 | 2025-06-02 16:44:29 | Deep Dive |
| CVE-2024-7073 | Unauthenticated Server-Side Request Forgery (SSRF) in Multiple WSO2 Products via SOAP Admin Services | WSO2 | WSO2 Identity Server as Key Manager | Medium | 6.5 | 2025-06-02 16:38:33 | Deep Dive |
| CVE-2024-7097 | Incorrect Authorization in Multiple WSO2 Products via SOAP Admin Service Allowing Unauthorized User Signup | WSO2 | WSO2 Open Banking AM | Medium | 4.3 | 2025-05-30 15:04:10 | Deep Dive |
| CVE-2024-7096 | Privilege Escalation in Multiple WSO2 Products via SOAP Admin Service Due to Business Logic Flaw | WSO2 | WSO2 Open Banking IAM | Medium | 4.2 | 2025-05-30 14:54:32 | Deep Dive |
| CVE-2024-5962 | Reflected Cross-Site Scripting (XSS) in Authentication Endpoint of Multiple WSO2 Products Due to Missing Output Encoding | WSO2 | WSO2 API Manager | Medium | 6.1 | 2025-05-22 19:34:06 | Deep Dive |
| CVE-2024-7487 | Improper Authentication in WSO2 Identity Server 7.0.0 Allows Bypass of App-Native Authentication | WSO2 | WSO2 Identity Server | Medium | 5.8 | 2025-05-22 19:03:13 | Deep Dive |
| CVE-2024-7103 | Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server 7.0.0 Sub-Organization Login Flow | WSO2 | WSO2 Identity Server | Medium | 4.6 | 2025-05-22 18:41:12 | Deep Dive |
| CVE-2024-6914 | Incorrect Authorization in Multiple WSO2 Products via Account Recovery SOAP Admin Service Leading to Account Takeover | WSO2 | WSO2 API Manager | High | 8.8 | 2025-05-22 18:26:15 | Deep Dive |
| CVE-2024-2321 | Incorrect Authorization in Multiple WSO2 Products Allows API Access via Refresh Token | WSO2 | WSO2 API Manager | Medium | 5.6 | 2025-02-27 04:08:34 | Deep Dive |
| CVE-2023-6911 | Cross-Site Scripting Vulnerability in Some WSO2 Products | WSO2 | WSO2 API Manager | Medium | 4.8 | 2023-12-18 08:32:59 | Deep Dive |
| CVE-2023-6838 | WSO2 API Manager Cross-Site Scripting Vulnerability | WSO2 | WSO2 API Manager | Medium | 6.1 | 2023-12-15 09:50:52 | Deep Dive |
| CVE-2023-6837 | Incorrect Authorization in Multiple WSO2 Products via Federated Authentication with JIT Provisioning Leading to User Impersonation | WSO2 | WSO2 API Manager | High | 8.5 | 2023-12-15 09:41:23 | Deep Dive |
| CVE-2023-6836 | WSO2 API Manager Security Vulnerability | WSO2 | WSO2 API Manager | Medium | 4.6 | 2023-12-15 09:26:01 | Deep Dive |
| CVE-2017-5183 | NetIQ Access Manager Cross-Site Scripting Vulnerability | - | Identity Server | Medium | - | 2017-04-20 18:00:00 | Deep Dive |