CNNVD-202509-3685 Information

Sep 23, 2025 cve

CNNVD ID

CNNVD-202509-3685

CVE-2025-4760

CNNVD Published: 2025-09-23

Description (Chinese)

WSO2 Identity Server（IS）是美国WSO2公司的一款身份认证服务器。 WSO2 Identity Server（IS）存在安全漏洞，该漏洞源于API文档上传期间未正确验证用户输入，可能导致存储型跨站脚本攻击。

Description (English)

WO2 Infrastructure Server (IS) is an identification server for WSO2 in the United States. There is a security loophole in WSO2 Infrastructure Server (IS), which stems from the incorrect validation of user input during uploading of API documents, which may result in a storage-type cross-site script attack.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

WSO2

Published

2025-09-23

Last Modified

2026-02-24

References

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4104/

Patch

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4104/

Share on: