VYPR

WSO2 Carbon Identity Management

by WSO2

CVEs (2)

  • CVE-2025-4760 (Sep 23, 2025)
    risk 0.00 | cvss | epss 0.00

    An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing…

  • CVE-2024-6914 (May 22, 2025)
    risk 0.00 | cvss | epss 0.01

    An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account…