WSO2 — Vulnerabilities & Security Advisories 56

Browse all 56 CVE security advisories affecting WSO2. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|---|
| CVE-2025-4760 | Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher | WSO2 API Manager | CWE-79 | 4.8 | Medium | 2025-09-23 |
| CVE-2024-4598 | Information Disclosure in Multiple WSO2 Products Due to Improper Handling in Enrich Mediator | WSO2 API Manager | | 6.5 | Medium | 2025-09-23 |
| CVE-2024-3511 | Incorrect Authorization in Multiple WSO2 Products Allows Unauthorized Access to Registry Versioned Files | WSO2 Enterprise Integrator | CWE-863 | 4.3 | Medium | 2025-06-23 |
| CVE-2024-1440 | Open Redirection in Multiple WSO2 Products via Multi-Option Authentication Endpoint | WSO2 Identity Server | CWE-601 | 5.4 | Medium | 2025-06-02 |
| CVE-2024-8008 | Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation | WSO2 Enterprise Integrator | CWE-79 | 5.2 | Medium | 2025-06-02 |
| CVE-2024-3509 | Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor | WSO2 Enterprise Integrator | CWE-79 | 4.3 | Medium | 2025-06-02 |
| CVE-2024-7074 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Service Leading to Remote Code Execution | WSO2 Enterprise Integrator | CWE-434 | 6.8 | Medium | 2025-06-02 |
| CVE-2024-7073 | Unauthenticated Server-Side Request Forgery (SSRF) in Multiple WSO2 Products via SOAP Admin Services | WSO2 Identity Server as Key Manager | CWE-918 | 6.5 | Medium | 2025-06-02 |
| CVE-2024-7097 | Incorrect Authorization in Multiple WSO2 Products via SOAP Admin Service Allowing Unauthorized User Signup | WSO2 Open Banking AM | | 4.3 | Medium | 2025-05-30 |
| CVE-2024-7096 | Privilege Escalation in Multiple WSO2 Products via SOAP Admin Service Due to Business Logic Flaw | WSO2 Open Banking IAM | CWE-863 | 4.2 | Medium | 2025-05-30 |
| CVE-2024-5962 | Reflected Cross-Site Scripting (XSS) in Authentication Endpoint of Multiple WSO2 Products Due to Missing Output Encoding | WSO2 API Manager | CWE-79 | 6.1 | Medium | 2025-05-22 |
| CVE-2024-7487 | Improper Authentication in WSO2 Identity Server 7.0.0 Allows Bypass of App-Native Authentication | WSO2 Identity Server | CWE-287 | 5.8 | Medium | 2025-05-22 |
| CVE-2024-7103 | Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server 7.0.0 Sub-Organization Login Flow | WSO2 Identity Server | CWE-79 | 4.6 | Medium | 2025-05-22 |
| CVE-2024-6914 | Incorrect Authorization in Multiple WSO2 Products via Account Recovery SOAP Admin Service Leading to Account Takeover | WSO2 API Manager | CWE-863 | 8.8 | High | 2025-05-22 |
| CVE-2025-2905 | An XML External Entity (XXE) vulnerability in Multiple WSO2 Products | WSO2 API Manager | CWE-611 | 9.1 | Critical | 2025-05-05 |
| CVE-2024-5848 | Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products Due to Improper Input Validation | WSO2 API Manager | CWE-79 | 6.1 | Medium | 2025-02-27 |
| CVE-2024-0392 | Cross-Site Request Forgery (CSRF) in WSO2 Enterprise Integrator 6.6.0 Management Console Due to Missing CSRF Token Validation | WSO2 Enterprise Integrator | CWE-352 | 5.4 | Medium | 2025-02-27 |
| CVE-2024-2321 | Incorrect Authorization in Multiple WSO2 Products Allows API Access via Refresh Token | WSO2 API Manager | CWE-863 | 5.6 | Medium | 2025-02-27 |
| CVE-2023-6911 | Cross-site scripting vulnerability in some WSO2 products | WSO2 API Manager | CWE-79 | 4.8 | Medium | 2023-12-18 |
| CVE-2023-6839 | WSO2 API Manager security vulnerability | WSO2 API Manager | CWE-209 | 5.3 | Medium | 2023-12-15 |
| CVE-2023-6838 | WSO2 API Manager cross-site scripting vulnerability | WSO2 API Manager | CWE-79 | 6.1 | Medium | 2023-12-15 |
| CVE-2023-6837 | Incorrect Authorization in Multiple WSO2 Products via Federated Authentication with JIT Provisioning Leading to User Impersonation | WSO2 API Manager | CWE-863 | 8.5 | High | 2023-12-15 |
| CVE-2023-6836 | WSO2 API Manager security vulnerability | WSO2 API Manager | CWE-611 | 4.6 | Medium | 2023-12-15 |
| CVE-2023-6835 | WSO2 API Manager security vulnerability | WSO2 API Manager | CWE-20 | 4.3 | Medium | 2023-12-15 |
| CVE-2022-4520 | WSO2 carbon-registry Advanced Search advancedSearchForm-ajaxprocessor.jsp cross site scripting | carbon-registry | CWE-707 | 3.5 | Low | 2022-12-15 |
| CVE-2022-4521 | WSO2 carbon-registry Request Parameter cross site scripting | carbon-registry | CWE-79 | 3.5 | Low | 2022-12-15 |

This page lists every published CVE security advisory associated with WSO2. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.