CVE-2024-7103 – WSO2 Identity Server Reflected XSS

May 22, 2025

CVE ID : CVE-2024-7103

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of WSO2 Identity Server 7.0.0 due to improper input validation. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the login flow, potentially leading to UI modifications, redirections to malicious websites, or data exfiltration from the browser.

While this issue could allow an attacker to manipulate the user’s browser, session-related sensitive cookies remain protected with the httpOnly flag, preventing session hijacking.

Severity: 4.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-7487 – WSO2 Identity Server Bypass Authentication Vulnerability

Next Article CVE-2024-51553 – ASPECT Predictable Filename Information Disclosure Vulnerability

Highlights

CVE-2025-4716 – Campcodes Sales and Inventory System SQL Injection Vulnerability

May 15, 2025

CVE ID : CVE-2025-4716

Published : May 15, 2025, 8:16 p.m. | 4 hours, 41 minutes ago

Description : A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pages/credit_transaction_add.php. The manipulation of the argument prod_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Sam Altman says ChatGPT’s viral Ghibli effect “forced OpenAI to do a lot of unnatural things”

How to get started with Microsoft Copilot on Windows 11

Microsoft blocks employees from sending emails that mention “Palestine” or “Gaza”

I missed out on the Clair Obscur: Expedition 33 Collector’s Edition but thankfully, the developers are launching something special

Perficient is Shaping the Future of Salesforce Innovation

Perficient is Shaping the Future of Salesforce Innovation

Opal – Optimizely’s AI-Powered Marketing Assistant

Content Compliance Without the Chaos: How Optimizely CMP Empowers Financial Services Marketers

Sam Altman says ChatGPT’s viral Ghibli effect “forced OpenAI to do a lot of unnatural things”

Sam Altman says ChatGPT’s viral Ghibli effect “forced OpenAI to do a lot of unnatural things”

How to get started with Microsoft Copilot on Windows 11

Microsoft blocks employees from sending emails that mention “Palestine” or “Gaza”

CVE-2024-7103 – WSO2 Identity Server Reflected XSS

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-47512 – Tainacan Path Traversal

CVE-2025-47667 – LiveAgent CSRF

LWiAI Podcast #208 – Claude Integrations, ChatGPT Sycophancy, Leaderboard Cheats

Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers

CVE-2025-37828 – “ufs Linux Kernel NULL Pointer Dereference Vulnerability”

CVE-2025-4716 – Campcodes Sales and Inventory System SQL Injection Vulnerability

Identity in the Shadows: Shedding Light on Cybersecurity’s Unseen Threats

SSH into Raspberry Pi from Outside Home Network Using Tailscale

Amsterdam City Tours: Discover the Best of the Dutch Capital

CVE-2024-7103 – WSO2 Identity Server Reflected XSS

Related Posts