CNNVD-202511-373 Information
CNNVD ID
CNNVD-202511-373
Related CVE
- CNNVD Published: 2025-11-05
Description (Chinese)
WSO2 API Manager等都是美国WSO2公司的产品。WSO2 API Manager是一套API生命周期管理解决方案。WSO2 Identity Server(IS)是一款身份认证服务器。WSO2 API Control Plane是一个控制面板。 WSO2多款产品存在安全漏洞,该漏洞源于身份验证端点缺少输出编码,可能导致反射型跨站脚本攻击。以下产品受到影响:WSO2 Identity Server、WSO2 API Manager、WSO2 API Control Plane。
Description (English)
WSO2 API Manager and others are products of WSO2, a company based in the United States. WSO2 API Manager is an API lifecycle management solution. WSO2 Identity Server (IS) is an identity authentication server. WSO2 API Control Plane is a control panel. Multiple WSO2 products contain a security vulnerability that stems from missing output encoding in the authentication endpoint, which could lead to a reflected cross-site scripting attack. The following products are affected: WSO2 Identity Server, WSO2 API Manager, WSO2 API Control Plane.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
WSO2
Published
2025-11-05
Last Modified
2026-02-24
References
Patch
https://wso2.com/products/downloads/