CVE-2024-5962

Name of the Vulnerable Software and Affected Versions WSO2 products (affected versions not specified)

Description A reflected cross-site scripting (XSS) issue exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. This allows a malicious actor to inject arbitrary JavaScript into the authentication flow, potentially leading to UI modifications, redirections to malicious websites, or data exfiltration from the browser. However, session-related sensitive cookies remain protected with the httpOnly flag, preventing session hijacking.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.