WSO2 Identity Server vulnerabilities
43 known vulnerabilities affecting wso2/wso2_identity_server.
Total CVEs: 43
CISA KEV: 0
Public exploits: 3
Exploited in wild: 2
Severity breakdown: CRITICAL 5, HIGH 11, MEDIUM 26, LOW 1
Vulnerabilities
Page 3 of 3
CVE-2025-0672 | P4 | LOW | CVSS 3.8 | ≥ 5.10.0, < 5.10.0.345; ≥ 5.11.0, < 5.11.0.394 | 2025-09-23
CVE-2025-0672 [LOW] CWE-287
An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may associate the new account with the previously registered FIDO
Source: NVD
CVE-2023-6911 | P4 | MEDIUM | CVSS 4.8 | ≥ 5.4.0.0, < 5.4.0.4; ≥ 5.4.1.0, < 5.4.1.3; +6 more | 2023-12-18
CVE-2023-6911 [MEDIUM] CWE-79
Multiple WSO2 products have been identified as vulnerable to stored cross-site scripting (XSS) due to improper output encoding. An attacker can carry out the attack by injecting a malicious payload into the Registry feature of the Management Console.
Source: NVD
CVE-2024-3509 | P4 | MEDIUM | CVSS 4.3 | ≥ 5.10.0, < 5.10.0.296; ≥ 5.11.0, < 5.11.0.333; +3 more | 2025-06-02
CVE-2024-3509 [MEDIUM] CWE-79
A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section.
To exploit this vulnerability, a malicious actor must have a valid user account with administrative access to the Management Console. If successful, the act
Source: NVD