VulnerAlert



02-06-2025 19:20

CVE-2024-3509 Documented vulnerability

4.3 MEDIUM
Tags
#xss
#site
#exploit
#cross
#data
#product
#javascript
#java
#editor
#cross-site
#admin
#products
#vulnerability
#cross-site scripting
#scripting
#protect
#malicious
#issue
#inject
#hijack
#execution
#access
#unauthorized
Description
A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative access to the Console. If successful, the actor could inject persistent JavaScript payloads, enabling theft of data or execution of unauthorized actions on behalf of other users. While the issue enables client-side script execution, session-related cookies remain protected by the httpOnly flag, preventing session hijacking.
Reference (external link)
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-2701

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-3509
Similar results
Matching at least 50% of the tags
04-06-2025 CVE-2025-20278
A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an aut...
04-06-2025 CVE-2025-48962
Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cybe...
This project was co-financed by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023