WSO2 Identity Server — Vulnerabilities & Security Advisories (11)

All 11 CVE vulnerabilities found in WSO2 Identity Server, with AI-generated Chinese analysis, references, and POCs.

Vendor: WSO2

| CVE ID | Title | CWE | CVSS | Severity | Paused |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-12624 | Improper Token Invalidation in WSO2 Identity Server Allows Access After Account Lock | CWE-613 | 6.0 | Medium | 2026-04-16 |
| CVE-2025-12107 | Potential authenticated Server-Side Template Injection (SSTI) vulnerability. | CWE-1336 | 8.4 | High | 2026-02-19 |
| CVE-2025-5770 | Reflected Cross-Site Scripting (XSS) in Authentication Endpoints of Multiple WSO2 Products | CWE-79 | 6.1 | Medium | 2025-11-05 |
| CVE-2025-3125 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution | CWE-434 | 6.7 | Medium | 2025-11-05 |
| CVE-2025-5605 | Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure | | 4.3 | Medium | 2025-10-24 |
| CVE-2025-5350 | SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products | CWE-918 | 5.9 | Medium | 2025-10-24 |
| CVE-2025-1396 | Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled | CWE-203 | 3.7 | Low | 2025-09-26 |
| CVE-2025-0209 | Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server Account Registration Flow | CWE-79 | 6.1 | Medium | 2025-09-23 |
| CVE-2024-1440 | Open Redirection in Multiple WSO2 Products via Multi-Option Authentication Endpoint | CWE-601 | 5.4 | Medium | 2025-06-02 |
| CVE-2024-7487 | Improper Authentication in WSO2 Identity Server 7.0.0 Allows Bypass of App-Native Authentication | CWE-287 | 5.8 | Medium | 2025-05-22 |
| CVE-2024-7103 | Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server 7.0.0 Sub-Organization Login Flow | CWE-79 | 4.6 | Medium | 2025-05-22 |

All 11 known CVE vulnerabilities affecting WSO2 Identity Server with full Chinese analysis, references, and POCs where available.