cvedb.io
CVE-2024-7103
MEDIUM · CVSS 4.6
EPSS exploitation probability: 0%
Published 2025-05-22T19:15:43.017 · Last modified 2026-06-17T08:19:22.070

Summary

A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of WSO2 Identity Server 7.0.0 due to improper input validation. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the login flow, potentially leading to UI modifications, redirections to malicious websites, or data exfiltration from the browser. While this issue could allow an attacker to manipulate the user’s browser, session-related sensitive cookies remain protected with the httpOnly flag, preventing session hijacking.

Affected products

wso2 — identity_server

Does this affect you?

Add your gear to cvedb and we'll alert you only when wso2 ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.