CNNVD-202510-3361 Information

CNNVD ID

CNNVD-202510-3361

Related CVE

CVE-2025-5350

• CNNVD Published: 2025-10-25

Description (Chinese)

WSO2 API Manager是美国WSO2公司的一套API生命周期管理解决方案。 WSO2 API Manager存在安全漏洞，该漏洞源于Try-It功能未正确验证用户提供的URL，可能导致服务端请求伪造和反射型跨站脚本攻击。

Description (English)

WO2 API Manager is an API life-cycle management solution for WSO2 in the United States. WO2 API Manager has a security loophole, which originates from the failure of the Try-It function to correctly verify the URL provided by the user, which may result in a service-side request for forgery and a reflector-type cross-site scrip attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

WSO2

Published

2025-10-25

Last Modified

2026-02-24

References

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4124/ https://access.redhat.com/security/cve/cve-2025-5350

Patch

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4124/