WSO2
cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*, +3 more
A reflected cross-site scripting vulnerability has been identified in multiple WSO2 products. This issue arises from inadequate output encoding in error messages produced by the JDBC user store connection validation request. A malicious actor could inject a specially crafted payload, leading the browser to execute arbitrary JavaScript within the context of the affected page. Potential consequences include manipulation of the user interface, redirection to harmful websites, or unauthorized data extraction from the browser. However, session hijacking is not a risk, as all sensitive session cookies are secured with the httpOnly flag.
Exploitation of this vulnerability could result in reflected cross-site scripting, allowing for the execution of malicious scripts in the user's browser.
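The encoding gap described above, shown as the unencoded error rendering beside its encoded form. This is an added example, not WSO2 code or code from the advisory. It assumes the reflected value is the caller-supplied connection URL echoed in the failure message; the class, method names, and sample URL are hypothetical.

```java
import java.sql.DriverManager;
import java.sql.SQLException;

// Added illustration; all names here are hypothetical, not taken from any WSO2 product.
public class ConnectionValidationError {

    // Minimal HTML encoder for element-text and quoted-attribute contexts
    // (stand-in for a vetted encoding library).
    static String encodeForHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Attempts the connection; on failure the message echoes the caller-supplied URL.
    static String validate(String url) {
        try {
            DriverManager.getConnection(url).close();
            return "Connection OK";
        } catch (SQLException e) {
            return "Connection validation failed for " + url + ": " + e.getMessage();
        }
    }

    // Before: the message reaches the page verbatim, so markup in the input becomes markup in the response.
    static String renderUnencoded(String error) {
        return "<div class=\"error\">" + error + "</div>";
    }

    // After: the message is encoded at the point of output, so the same input is displayed as text.
    static String renderEncoded(String error) {
        return "<div class=\"error\">" + encodeForHtml(error) + "</div>";
    }

    public static void main(String[] args) {
        String url = "jdbc:example://db/<em>probe</em>"; // constructed input with harmless markup
        String error = validate(url); // no driver is registered for this scheme, so validation fails offline
        System.out.println(renderUnencoded(error));
        System.out.println(renderEncoded(error));
    }
}
```

The driver's own exception text can repeat the supplied URL, which is why the encoder is applied to the whole message at output rather than to the URL alone.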