
THREATINT
PUBLISHED

CVE-2024-8008

Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation



Description

A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in the error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into that request, causing the browser to execute arbitrary JavaScript in the context of the vulnerable page. This may allow UI manipulation, redirection to malicious websites, or data exfiltration from the browser. However, because all session-related sensitive cookies are protected with the HttpOnly flag, session hijacking via document.cookie is not possible.
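The pattern the advisory describes is a connection-validation handler that builds an error message from request parameters and drops it into the response page without encoding. The following is an added, self-contained illustration of that bug class beside its fix; it is not WSO2's code, the parameter names (driverName, url) and the stub validator are assumptions, and the sample query string is constructed. A small HttpOnly check is included because the advisory's "no session hijacking" claim rests on that attribute.

```python
import html
from urllib.parse import parse_qs

# Hypothetical stand-in for a JDBC user-store connection validation handler.
# Not WSO2's code: it imitates the pattern in the advisory, where an error
# message echoing request input is rendered into HTML. Parameter names are
# assumptions.


def validate_connection(params):
    """Pretend to open the JDBC connection; return an error string or None.

    Constructed stub: no real driver is loaded, so any URL that does not
    start with 'jdbc:' 'fails' with a message that echoes the raw input,
    which is the data flow the XSS needs.
    """
    url = params.get("url", [""])[0]
    driver = params.get("driverName", [""])[0]
    if not url.startswith("jdbc:"):
        return f"Cannot connect with driver {driver}: invalid URL {url}"
    return None


def render_error_vulnerable(message):
    # Error text placed into the page unencoded: CWE-79.
    return f"<div class='error'>{message}</div>"


def render_error_fixed(message):
    # html.escape with quote=True encodes < > & " ' so the message is inert
    # in an HTML text-node context (attribute or JS contexts need their own
    # encoders; this page only reflects into element content).
    return f"<div class='error'>{html.escape(message, quote=True)}</div>"


def handle_request(query_string, render):
    """Run the validation flow and return the HTML body for the response."""
    params = parse_qs(query_string)
    err = validate_connection(params)
    if err is None:
        return "<p>Connection successful</p>"
    return render(err)


def contains_script_tag(page):
    """Crude check used by the self-test: does a live <script> tag survive?"""
    return "<script>" in page.lower()


def cookie_has_httponly(set_cookie_header):
    """Return True if a Set-Cookie header carries the HttpOnly attribute.

    Attributes after the first ';' are compared case-insensitively, as
    browsers treat them.
    """
    attrs = [a.strip().lower() for a in set_cookie_header.split(";")[1:]]
    return "httponly" in attrs


# Constructed sample: a reflected-XSS probe in the url parameter.
PAYLOAD_QUERY = "driverName=org.h2.Driver&url=x%3Cscript%3Ealert(1)%3C/script%3E"

if __name__ == "__main__":
    print("vulnerable:", handle_request(PAYLOAD_QUERY, render_error_vulnerable))
    print("fixed:     ", handle_request(PAYLOAD_QUERY, render_error_fixed))
    print("HttpOnly:  ", cookie_has_httponly("JSESSIONID=abc; Path=/; Secure; HttpOnly"))
```

Run it directly to see the two renderings side by side. The fix is the encoder applied at the point of output; input filtering on the JDBC URL alone would not be enough, since the driver name and any other echoed field would need the same treatment.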

Reserved 2024-08-20 | Published 2025-06-02 | Updated 2025-06-02 | Assigner WSO2


MEDIUM: 5.2 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status
unaffected

Any version before 6.6.0
unknown

6.6.0 before 6.6.0.211
affected

Default status
unaffected

Any version before 3.1.0
unknown

3.1.0 before 3.1.0.305
affected

3.2.0 before 3.2.0.396
affected

3.2.1 before 3.2.1.28
affected

4.0.0 before 4.0.0.313
affected

4.1.0 before 4.1.0.182
affected

4.2.0 before 4.2.0.121
affected

4.3.0 before 4.3.0.32
affected

Default status
unaffected

Any version before 5.10.0
unknown

5.10.0 before 5.10.0.321
affected

Default status
unaffected

Any version before 5.10.0
unknown

5.10.0 before 5.10.0.328
affected

5.11.0 before 5.11.0.374
affected

6.0.0 before 6.0.0.216
affected

6.1.0 before 6.1.0.201
affected

7.0.0 before 7.0.0.69
affected

Default status
unaffected

Any version before 2.0.0
unknown

2.0.0 before 2.0.0.374
affected

Default status
unaffected

Any version before 2.0.0
unknown

2.0.0 before 2.0.0.354
affected

Default status
unknown

5.14.127 before 5.14.127.9
affected

5.17.5 before 5.17.5.289
affected

5.17.118 before 5.17.118.10
affected

5.18.187 before 5.18.187.276
affected

5.18.248 before 5.18.248.22
affected

5.23.8 before 5.23.8.193
affected

5.24.8 before 5.24.8.11
affected

5.25.92 before 5.25.92.104
affected

5.25.705 before 5.25.705.10
affected

7.0.78 before 7.0.78.46
affected

7.5.12
unaffected

References

security.docs.wso2.com/...ty-advisories/2025/WSO2-2024-3178/ vendor-advisory

cve.org (CVE-2024-8008)

nvd.nist.gov (CVE-2024-8008)
