Reflected Cross-Site Scripting Vulnerability in WSO2 Authentication Endpoint
CVE-2024-5962
Key Information:
- Vendor: WSO2
- CVE Published: 22 May 2025
What is CVE-2024-5962?
A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of various WSO2 products due to inadequate output encoding of user-provided inputs. This oversight allows malicious actors to inject arbitrary JavaScript into the authentication process, which could lead to user interface manipulation, unwarranted redirections to harmful sites, or the extraction of sensitive data from the user's browser. Despite this risk, session-related cookies retain protection under the httpOnly flag, mitigating the potential for session hijacking.
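The defect the advisory describes is output encoding that is missing at the point where the authentication page reflects a request value back to the browser. The following is an added illustration, not WSO2 code: it renders a minimal login form both with the value interpolated verbatim (the reflected XSS pattern) and with contextual HTML encoding applied, includes a simple check a reviewer or test can run to detect unencoded reflection, and builds the HttpOnly session cookie that the advisory credits with limiting the impact. The form path, parameter names, cookie name and the sample input are all constructed for the example.

```python
# Added example, not WSO2 code. Demonstrates why a reflected value must be
# output-encoded, and what HttpOnly on the session cookie protects.

# Characters that can end an attribute value, open or close a tag, or start an
# entity. Each is replaced by its named/numeric entity so the browser treats
# the value as text rather than markup.
HTML_ESCAPES = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#x27;",
}


def encode_for_html(value: str) -> str:
    """Encode a value for insertion into HTML text or a double-quoted attribute."""
    return "".join(HTML_ESCAPES.get(ch, ch) for ch in value)


# Assumed login page; the path and field names are placeholders, not WSO2's.
LOGIN_TEMPLATE = (
    '<form action="/login" method="post">'
    '<input name="username" value="{username}">'
    '<p class="error">{error}</p>'
    "</form>"
)


def render_login_vulnerable(username: str, error: str) -> str:
    """The defect: request-controlled values are placed into the page verbatim."""
    return LOGIN_TEMPLATE.format(username=username, error=error)


def render_login_hardened(username: str, error: str) -> str:
    """The fix: encode each value for the HTML context it lands in, at output time."""
    return LOGIN_TEMPLATE.format(
        username=encode_for_html(username),
        error=encode_for_html(error),
    )


def reflected_unencoded(page: str, raw_input: str) -> bool:
    """Detection check for a test suite or response review: True when an input
    containing HTML metacharacters appears verbatim in the rendered page."""
    has_metachar = any(ch in raw_input for ch in HTML_ESCAPES)
    return has_metachar and raw_input in page


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for the session. HttpOnly keeps injected script from
    reading the cookie, which is why the advisory says session hijacking is
    mitigated even though the XSS itself is present. Cookie name is assumed."""
    return f"SESSIONID={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


# Constructed input containing every metacharacter the encoder handles.
SAMPLE_INPUT = '<i>Hi</i> & "quoted"'

if __name__ == "__main__":
    print("vulnerable:", render_login_vulnerable(SAMPLE_INPUT, ""))
    print("hardened:  ", render_login_hardened(SAMPLE_INPUT, ""))
    print("unencoded reflection in vulnerable page:",
          reflected_unencoded(render_login_vulnerable(SAMPLE_INPUT, ""), SAMPLE_INPUT))
    print("unencoded reflection in hardened page:  ",
          reflected_unencoded(render_login_hardened(SAMPLE_INPUT, ""), SAMPLE_INPUT))
    print(session_cookie_header("example-session-id"))
```

The encoding is applied where the value is written into the page, not where it is read from the request, because the same input may be reflected into several contexts and each needs its own encoding. The `reflected_unencoded` check is the kind of assertion worth keeping in an endpoint's regression tests: it fails whenever an input with markup characters comes back unchanged.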

Affected Version(s)
WSO2 API Manager 4.2.0 < 4.2.0.94
WSO2 API Manager 4.3.0 < 4.3.0.9
WSO2 Identity Server 6.0.0 < 6.0.0.199