CVE-2024-5962 – WSO2 WSO2 Reflected Cross-Site Scripting (XSS) Vulnerability

May 22, 2025

CVE ID : CVE-2024-5962

Published : May 22, 2025, 8:15 p.m. | 30 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leading to UI modifications, redirections to malicious websites, or data exfiltration from the browser.

While this issue could allow an attacker to manipulate the user’s browser, session-related sensitive cookies remain protected with the httpOnly flag, preventing session hijacking.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-48853 – ASPECT Escalation of Privilege Vulnerability

Next Article CVE-2003-5004 – Apache HTTP Server Information Disclosure

Droip: The Modern Website Builder WordPress Needed

Last week in AI dev tools: Cloudflare blocking AI crawlers by default, Perplexity Max subscription, and more (July 7, 2025)

Infragistics Launches Ultimate 25.1 With Major Updates to App Builder, Ignite UI

Design Guidelines For Better Notifications UX

There’s a massive 42% Amazon Prime Day discount on the Razer DeathAdder V3 Pro — One of the best gaming mice we gave a near-perfect score to

This 360Hz QD-OLED monitor is more than magnificent — and it’s $280 off right now

Diablo 4, one of Blizzard’s best Xbox games, is now 64% off — a devilish Anti-Amazon Prime Day discount that’s worth taking over Amazon’s deals

“One of the best and most premium charging accessories” — Razer Universal Quick Charging Stand for Xbox is 40% off

AI and Digital Trends Marketing and IT Leaders Need to Know

AI and Digital Trends Marketing and IT Leaders Need to Know

Blade Authorization Directives for View Security

Laravel AI Chat Starter Kit

There’s a massive 42% Amazon Prime Day discount on the Razer DeathAdder V3 Pro — One of the best gaming mice we gave a near-perfect score to

There’s a massive 42% Amazon Prime Day discount on the Razer DeathAdder V3 Pro — One of the best gaming mice we gave a near-perfect score to

This 360Hz QD-OLED monitor is more than magnificent — and it’s $280 off right now

Diablo 4, one of Blizzard’s best Xbox games, is now 64% off — a devilish Anti-Amazon Prime Day discount that’s worth taking over Amazon’s deals

CVE-2024-5962 – WSO2 WSO2 Reflected Cross-Site Scripting (XSS) Vulnerability

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

LLMs factor in unrelated information when recommending medical treatments

CVE-2025-52444 – Apache HTTP Server Unvalidated User Input

Exploitation Risk Grows for Critical Cisco Bug

Data Center Setup Cost for Startups in India | Affordable Implementation Services

Globalize The Intifada Shirt

How VideoAmp uses Amazon Bedrock to power their media analytics interface

CVE-2025-48752 – Apache Process-Sync Pthread Mutex Unlock Vulnerability

CVE-2025-5386 – JeeWMS SQL Injection Vulnerability

CVE-2024-5962 – WSO2 WSO2 Reflected Cross-Site Scripting (XSS) Vulnerability

Related Posts