Vulnerability Details CVE-2024-4867

The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site scripting vulnerability, a malicious actor can cause the browser to redirect to a malicious website, make changes to the UI of the web page, or retrieve information from the browser. However, session hijacking is not possible as all session-related sensitive cookies are protected by the httpOnly flag.
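The pattern behind this class of bug, shown as an added example rather than code from WSO2 or the API Manager developer portal: a UI that concatenates user-supplied text straight into markup, beside a hardened version that enforces a validation constraint and HTML-encodes on output, plus a small Set-Cookie parser that checks the HttpOnly flag the advisory relies on to rule out session hijacking. The field names, the NAME_PATTERN constraint, the cookie strings and the payload are all constructed for illustration and are not taken from the product.

```javascript
// Added example (not WSO2 code): generic XSS pattern and its hardened form,
// plus a check for the HttpOnly caveat the advisory mentions. All names and
// inputs below are constructed for illustration.

// Minimal HTML entity encoding for text placed into an element body or a
// double-quoted attribute value.
function encodeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Hypothetical validation constraint for a portal field such as an API name:
// a bounded, conservative character set.
const NAME_PATTERN = /^[A-Za-z0-9 _.\-]{1,64}$/;
function isValidName(value) {
  return typeof value === "string" && NAME_PATTERN.test(value);
}

// VULNERABLE: user-controlled text concatenated straight into markup.
function renderCardUnsafe(api) {
  return `<div class="api-card"><h3>${api.name}</h3><p>${api.description}</p></div>`;
}

// HARDENED: validate where a constraint exists, and encode every value on output.
function renderCardSafe(api) {
  if (!isValidName(api.name)) {
    throw new Error("invalid API name");
  }
  return `<div class="api-card"><h3>${encodeHtml(api.name)}</h3><p>${encodeHtml(api.description)}</p></div>`;
}

// Parse a Set-Cookie header value and report whether the cookie is HttpOnly.
// HttpOnly keeps document.cookie from exposing the value to injected script,
// which is why script execution alone does not give an attacker the session.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim());
  const [name, ...valueParts] = parts[0].split("=");
  const attrs = parts.slice(1).map((p) => p.toLowerCase());
  return {
    name: name.trim(),
    value: valueParts.join("="),
    httpOnly: attrs.includes("httponly"),
    secure: attrs.includes("secure"),
  };
}

// Constructed payload: an attribute-based vector that needs no <script> tag.
const PAYLOAD = '<img src=x onerror="alert(document.domain)">';

function demo() {
  const api = { name: "petstore", description: PAYLOAD };
  const unsafe = renderCardUnsafe(api);
  const safe = renderCardSafe(api);
  // Constructed sample cookies: a protected session cookie and a UI preference.
  const sessionCookie = parseSetCookie("JSESSIONID=abc123; Path=/; Secure; HttpOnly");
  const uiCookie = parseSetCookie("theme=dark; Path=/");
  return {
    unsafeContainsTag: unsafe.includes("<img"),
    safeContainsTag: safe.includes("<img"),
    sessionHttpOnly: sessionCookie.httpOnly,
    uiHttpOnly: uiCookie.httpOnly,
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(demo());
}
```

Run with node to see the unsafe render emit the live `<img ... onerror>` element while the hardened render emits only entity-encoded text. Encoding on output is the control that closes the bug; the validation pattern is defence in depth for fields that have a natural shape, and the cookie check is the kind of thing to confirm when deciding whether an XSS finding escalates to account takeover.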
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002 (estimated probability of exploitation activity in the wild within the next 30 days)
EPSS Percentile 9.3% (share of all scored CVEs with an equal or lower EPSS score)
CVSS Severity
CVSS v3 Score 5.4 (Medium)
Products affected by CVE-2024-4867
  • Wso2 » Api Manager » Version: 3.2.0
    cpe:2.3:a:wso2:api_manager:3.2.0
  • Wso2 » Api Manager » Version: 3.2.0.226
    cpe:2.3:a:wso2:api_manager:3.2.0.226
  • Wso2 » Api Manager » Version: 3.2.0.278
    cpe:2.3:a:wso2:api_manager:3.2.0.278
  • Wso2 » Api Manager » Version: 3.2.0.368
    cpe:2.3:a:wso2:api_manager:3.2.0.368
  • Wso2 » Api Manager » Version: 3.2.0.384
    cpe:2.3:a:wso2:api_manager:3.2.0.384
  • Wso2 » Api Manager » Version: 3.2.0.397
    cpe:2.3:a:wso2:api_manager:3.2.0.397
  • Wso2 » Api Manager » Version: 3.2.0.401
    cpe:2.3:a:wso2:api_manager:3.2.0.401
  • Wso2 » Api Manager » Version: 3.2.1
    cpe:2.3:a:wso2:api_manager:3.2.1
  • Wso2 » Api Manager » Version: 3.2.1.16
    cpe:2.3:a:wso2:api_manager:3.2.1.16
  • Wso2 » Api Manager » Version: 3.2.1.27
    cpe:2.3:a:wso2:api_manager:3.2.1.27
  • Wso2 » Api Manager » Version: 4.0.0
    cpe:2.3:a:wso2:api_manager:4.0.0
  • Wso2 » Api Manager » Version: 4.0.0.168
    cpe:2.3:a:wso2:api_manager:4.0.0.168
  • Wso2 » Api Manager » Version: 4.0.0.217
    cpe:2.3:a:wso2:api_manager:4.0.0.217
  • Wso2 » Api Manager » Version: 4.0.0.280
    cpe:2.3:a:wso2:api_manager:4.0.0.280
  • Wso2 » Api Manager » Version: 4.1.0
    cpe:2.3:a:wso2:api_manager:4.1.0
  • Wso2 » Api Manager » Version: 4.1.0.136
    cpe:2.3:a:wso2:api_manager:4.1.0.136
  • Wso2 » Api Manager » Version: 4.1.0.152
    cpe:2.3:a:wso2:api_manager:4.1.0.152
  • Wso2 » Api Manager » Version: 4.1.0.166
    cpe:2.3:a:wso2:api_manager:4.1.0.166
  • Wso2 » Api Manager » Version: 4.1.0.171
    cpe:2.3:a:wso2:api_manager:4.1.0.171


Shodan ® - All rights reserved