CVE-2024-7103 – WSO2 Identity Server Reflected XSS

May 22, 2025

CVE ID : CVE-2024-7103

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of WSO2 Identity Server 7.0.0 due to improper input validation. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the login flow, potentially leading to UI modifications, redirections to malicious websites, or data exfiltration from the browser.

While this issue could allow an attacker to manipulate the user’s browser, session-related sensitive cookies remain protected with the httpOnly flag, preventing session hijacking.

Severity: 4.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-7487 – WSO2 Identity Server Bypass Authentication Vulnerability

Next Article CVE-2024-51553 – ASPECT Predictable Filename Information Disclosure Vulnerability

Highlights

CVE-2025-6837 – Code-projects Library System Unrestricted File Upload Vulnerability

June 28, 2025

CVE ID : CVE-2025-6837

Published : June 29, 2025, 1:15 a.m. | 2 hours, 7 minutes ago

Description : A vulnerability classified as critical was found in code-projects Library System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

The best AirTag alternative for Samsung users is currently 30% off

One of the biggest new features on the Google Pixel 10 is also one of the most overlooked

I tested these viral ‘crush-proof’ Bluetooth speakers, and they’re not your average portables

I compared the best smartwatches from Google and Apple – and there’s a clear winner

MongoDB Data Types

MongoDB Data Types

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

Microsoft Teams updated with a feature you probably thought already existed — “Can you hear me?” is now a thing of the past

Microsoft Teams updated with a feature you probably thought already existed — “Can you hear me?” is now a thing of the past

Xbox Game Pass gets Gears of War: Reloaded, Dragon Age: The Veilguard, and more — here’s what is coming through the rest of August

Resident Evil ‘9’ Requiem has some of the most incredible lighting I’ve seen in a game — and Capcom uses it as a weapon

CVE-2024-7103 – WSO2 Identity Server Reflected XSS

Blue Locker ransomware hits critical infrastructure – is your organisation ready?

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

How Heroku migrated hundreds of thousands of self-managed PostgreSQL databases to Amazon Aurora

These 3 Apple CarPlay upgrades stole WWDC 2025 for me

Effective cross-lingual LLM evaluation with Amazon Bedrock

SpecFlow to Reqnroll: A Step-by-Step Migration Guide

CVE-2025-6837 – Code-projects Library System Unrestricted File Upload Vulnerability

CVE-2025-4695 – PHPGurukul Cyber Cafe Management System SQL Injection

CISA Warns SAP 0-day Vulnerability Exploited in the Wild

CVE-2025-5389 – JeeWMS Improper Access Controls Remote Vulnerability

CVE-2024-7103 – WSO2 Identity Server Reflected XSS

Related Posts