WSO2 API Manager — Vulnerabilities & Security Advisories (24)

All 24 CVE vulnerabilities found in WSO2 API Manager, with AI-generated Chinese analysis, references, and POCs.

Vendor: WSO2

| CVE ID | Title | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|
| CVE-2025-6024 | Cross-Site Scripting via Authentication Endpoint in Multiple WSO2 Products Allows Redirection to Malicious Websites | CWE-79 | 6.1 | Medium | 2026-04-16 |
| CVE-2024-10242 | Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 API Manager Allows UI Modification and Redirection | CWE-79 | 6.1 | Medium | 2026-04-16 |
| CVE-2024-8010 | XML External Entity Injection via Publisher in WSO2 API Manager Allows Reading Arbitrary Files | CWE-611 | 3.5 | Low | 2026-04-16 |
| CVE-2024-4867 | Cross-Site Scripting via Developer Portal in WSO2 API Manager Enables UI Modification and Information Retrieval | CWE-79 | 5.4 | Medium | 2026-04-16 |
| CVE-2024-2374 | XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary File Read and Denial of Service | CWE-611 | 7.5 | High | 2026-04-16 |
| CVE-2024-1524 | A Local User Can Be Impersonated When Using Federated Authentication with Silent JIT Provisioning | CWE-290 | 7.7 | High | 2026-02-24 |
| CVE-2025-13590 | Authenticated Arbitrary File Upload via a System REST API Requiring Administrator Permission | | 9.1 | Critical | 2026-02-19 |
| CVE-2025-9312 | Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products | CWE-306 | 9.8 | Critical | 2025-11-18 |
| CVE-2025-10907 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution | CWE-434 | 8.4 | High | 2025-11-05 |
| CVE-2025-9152 | Improper Privilege Management in Multiple WSO2 API Manager Versions via keymanager-operations DCR Endpoint | | 9.8 | Critical | 2025-10-16 |
| CVE-2025-10611 | Potential Broken Access Control in Multiple WSO2 Products via System REST APIs | | 9.8 | Critical | 2025-10-16 |
| CVE-2025-5717 | Authenticated Remote Code Execution in Multiple WSO2 Products via Event Processor Admin Service | CWE-94 | 6.8 | Medium | 2025-09-23 |
| CVE-2025-4760 | Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher | CWE-79 | 4.8 | Medium | 2025-09-23 |
| CVE-2024-4598 | Information Disclosure in Multiple WSO2 Products Due to Improper Handling in Enrich Mediator | | 6.5 | Medium | 2025-09-23 |
| CVE-2024-5962 | Reflected Cross-Site Scripting (XSS) in Authentication Endpoint of Multiple WSO2 Products Due to Missing Output Encoding | CWE-79 | 6.1 | Medium | 2025-05-22 |
| CVE-2024-6914 | Incorrect Authorization in Multiple WSO2 Products via Account Recovery SOAP Admin Service Leading to Account Takeover | CWE-863 | 8.8 | High | 2025-05-22 |
| CVE-2025-2905 | XML External Entity (XXE) Vulnerability in Multiple WSO2 Products | CWE-611 | 9.1 | Critical | 2025-05-05 |
| CVE-2024-5848 | Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products Due to Improper Input Validation | CWE-79 | 6.1 | Medium | 2025-02-27 |
| CVE-2024-2321 | Incorrect Authorization in Multiple WSO2 Products Allows API Access via Refresh Token | CWE-863 | 5.6 | Medium | 2025-02-27 |
| CVE-2023-6911 | Cross-Site Scripting Vulnerability in Some WSO2 Products | CWE-79 | 4.8 | Medium | 2023-12-18 |
| CVE-2023-6839 | WSO2 API Manager Security Vulnerability | CWE-209 | 5.3 | Medium | 2023-12-15 |
| CVE-2023-6838 | WSO2 API Manager Cross-Site Scripting Vulnerability | CWE-79 | 6.1 | Medium | 2023-12-15 |
| CVE-2023-6837 | Incorrect Authorization in Multiple WSO2 Products via Federated Authentication with JIT Provisioning Leading to User Impersonation | CWE-863 | 8.5 | High | 2023-12-15 |
| CVE-2023-6835 | WSO2 API Manager Security Vulnerability | CWE-20 | 4.3 | Medium | 2023-12-15 |