Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2024-10242

The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim's browser. Successful exploitation can enable an attacker to redirect the user's browser to a malicious website, modify the UI of the web page, or retrieve information from the browser. However, the impact is limited as session-related sensitive cookies are protected by the httpOnly flag, preventing session hijacking.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 14.8%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2024-10242
  • Wso2 » Api Manager » Version: 3.2.0
    cpe:2.3:a:wso2:api_manager:3.2.0
  • Wso2 » Api Manager » Version: 3.2.0.226
    cpe:2.3:a:wso2:api_manager:3.2.0.226
  • Wso2 » Api Manager » Version: 3.2.0.278
    cpe:2.3:a:wso2:api_manager:3.2.0.278
  • Wso2 » Api Manager » Version: 3.2.0.368
    cpe:2.3:a:wso2:api_manager:3.2.0.368
  • Wso2 » Api Manager » Version: 3.2.0.384
    cpe:2.3:a:wso2:api_manager:3.2.0.384
  • Wso2 » Api Manager » Version: 3.2.0.397
    cpe:2.3:a:wso2:api_manager:3.2.0.397
  • Wso2 » Api Manager » Version: 4.0.0
    cpe:2.3:a:wso2:api_manager:4.0.0
  • Wso2 » Api Manager » Version: 4.0.0.168
    cpe:2.3:a:wso2:api_manager:4.0.0.168
  • Wso2 » Api Manager » Version: 4.0.0.217
    cpe:2.3:a:wso2:api_manager:4.0.0.217
  • Wso2 » Api Manager » Version: 4.0.0.280
    cpe:2.3:a:wso2:api_manager:4.0.0.280
  • Wso2 » Api Manager » Version: 4.0.0.293
    cpe:2.3:a:wso2:api_manager:4.0.0.293
  • Wso2 » Api Manager » Version: 4.0.0.305
    cpe:2.3:a:wso2:api_manager:4.0.0.305
  • Wso2 » Api Manager » Version: 4.0.0.310
    cpe:2.3:a:wso2:api_manager:4.0.0.310


Products
Pricing
Contact Us

Shodan ® - All rights reserved