cbcvebase.
CVE-2024-10242
published 2026-04-16

CVE-2024-10242: The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject…

PriorityP429medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.24%
14.9th percentile
The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim's browser. Successful exploitation can enable an attacker to redirect the user's browser to a malicious website, modify the UI of the web page, or retrieve information from the browser. However, the impact is limited as session-related sensitive cookies are protected by the httpOnly flag, preventing session hijacking.

Affected

4 ranges
VendorProductVersion rangeFixed in
wso2api_manager>= 3.2.0 < 3.2.0.4013.2.0.401
wso2api_manager>= 4.0.0 < 4.0.0.3184.0.0.318
wso2wso2_api_manager>= 3.2.0 < 3.2.0.4013.2.0.401
wso2wso2_api_manager>= 4.0.0 < 4.0.0.3184.0.0.318
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.