CVE-2024-7103 – WSO2 Identity Server Reflected XSS

May 22, 2025

CVE ID : CVE-2024-7103

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of WSO2 Identity Server 7.0.0 due to improper input validation. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the login flow, potentially leading to UI modifications, redirections to malicious websites, or data exfiltration from the browser.

While this issue could allow an attacker to manipulate the user’s browser, session-related sensitive cookies remain protected with the httpOnly flag, preventing session hijacking.

Severity: 4.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-7487 – WSO2 Identity Server Bypass Authentication Vulnerability

Next Article CVE-2024-51553 – ASPECT Predictable Filename Information Disclosure Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Sam Altman says ChatGPT’s viral Ghibli effect “forced OpenAI to do a lot of unnatural things”

How to get started with Microsoft Copilot on Windows 11

Microsoft blocks employees from sending emails that mention “Palestine” or “Gaza”

I missed out on the Clair Obscur: Expedition 33 Collector’s Edition but thankfully, the developers are launching something special

Perficient is Shaping the Future of Salesforce Innovation

Perficient is Shaping the Future of Salesforce Innovation

Opal – Optimizely’s AI-Powered Marketing Assistant

Content Compliance Without the Chaos: How Optimizely CMP Empowers Financial Services Marketers

Sam Altman says ChatGPT’s viral Ghibli effect “forced OpenAI to do a lot of unnatural things”

Sam Altman says ChatGPT’s viral Ghibli effect “forced OpenAI to do a lot of unnatural things”

How to get started with Microsoft Copilot on Windows 11

Microsoft blocks employees from sending emails that mention “Palestine” or “Gaza”

CVE-2024-7103 – WSO2 Identity Server Reflected XSS

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-47512 – Tainacan Path Traversal

AbracaDABra – DAB and DAB+ Software Defined Radio (SDR) application

LightSpy Spyware’s macOS Variant Found with Advanced Surveillance Capabilities

CVE-2025-43964 – LibRaw Unvalidated Memory Access Vulnerability

5 Impactful AWS Vulnerabilities You’re Responsible For

CVE-2025-46578 – GoldenDB Database SQL Injection Vulnerability

Beware of the Antidot Android Banking Trojan Disguised as Google Play Updates

I’ve been testing the giant Echo Show 21 for weeks – here’s who should buy it (and who shouldn’t)

Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware

CVE-2024-7103 – WSO2 Identity Server Reflected XSS

Related Posts