Wso2: >> Api Manager >> 3.1.0 Security Vulnerabilities
A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser to execute arbitrary JavaScript in the context of the vulnerable page.
This vulnerability may allow UI manipulation, redirection to malicious websites, or data exfiltration from the browser. However, since all session-related sensitive cookies are protected with the httpOnly flag, session hijacking is not possible.
CVSS Score
5.2
EPSS Score
0.0
Published
2025-06-02
An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users to an attacker-controlled site.
By exploiting this vulnerability, an attacker may trick users into visiting a malicious page, enabling phishing attacks to harvest sensitive information or perform other harmful actions.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-06-02
A privilege escalation vulnerability exists in multiple [Vendor Name] products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met:
* SOAP admin services are accessible to the attacker.
* The deployment includes an internally used attribute that is not part of the default WSO2 product configuration.
* At least one custom role exists with non-default permissions.
* The attacker has knowledge of the custom role and the internal attribute used in the deployment.
Exploiting this vulnerability allows malicious actors to assign higher privileges to self-registered users, bypassing intended access control mechanisms.
CVSS Score
4.2
EPSS Score
0.0
Published
2025-05-30
An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper authorization.
Exploitation of this flaw could allow an attacker to create multiple low-privileged user accounts, gaining unauthorized access to the system. Additionally, continuous exploitation could lead to system resource exhaustion through mass user creation.
CVSS Score
4.3
EPSS Score
0.087
Published
2025-05-30
An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including accounts with elevated privileges.
This vulnerability is exploitable only through the account recovery SOAP admin services exposed via the "/services" context path in affected products. The impact may be reduced if access to these endpoints has been restricted based on the "Security Guidelines for Production Deployment" by disabling exposure to untrusted networks.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-22
A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper input validation. User-supplied data is directly included in server responses from vulnerable service endpoints without proper sanitization or encoding, allowing an attacker to inject malicious JavaScript.
Successful exploitation could lead to UI manipulation, redirection to malicious websites, or data exfiltration from the browser. While session-related sensitive cookies are protected with the httpOnly flag, mitigating session hijacking risks, the impact may vary depending on gateway-level service restrictions.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-02-27
Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.
CVSS Score
4.8
EPSS Score
0.003
Published
2023-12-18
Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-12-15
Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests.
CVSS Score
6.1
EPSS Score
0.006
Published
2023-12-15
Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met:
* An IDP configured for federated authentication and JIT provisioning enabled with the "Prompt for username, password and consent" option.
* A service provider that uses the above IDP for federated authentication and has the "Assert identity using mapped local subject identifier" flag enabled.
Attacker should have:
* A fresh valid user account in the federated IDP that has not been used earlier.
* Knowledge of the username of a valid user in the local IDP.
When all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation.
CVSS Score
8.5
EPSS Score
0.003
Published
2023-12-15
Page 1