AIKIDO-2025-10356
org.wso2.carbon.identity.user.store.configuration.ui is vulnerable to Cross-site Scripting (XSS)
50
Medium Risk
This Affects:
org.wso2.carbon.identity.user.store.configuration.uiTL;DR
Affected versions of this package are vulnerable to cross-site scripting (XSS) due to insufficient output encoding in error messages generated during JDBC user store connection validation. An attacker could exploit this by injecting malicious scripts that may redirect users to malicious sites, manipulate the web page’s UI, steal sensitive information from the browser, or perform other harmful actions.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
org.wso2.carbon.identity.user.store.configuration.ui is vulnerable to Cross-site Scripting (XSS) in versions 5.1.0 - 7.5.11.
How to fix this
Upgrade the org.wso2.carbon.identity.framework:org.wso2.carbon.identity.user.store.configuration.ui library to a patch version.
Links
github.com/wso2/carbon-identity-framework/compare/v7.5.11...v7.5.12
security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3178/
Get Secure Now
Secure your code, cloud, and runtime environments in one central system. Find and fix vulnerabilities automatically.
No credit card required | Scan results in 32secs.
SOC 2Compliant
ISO 27001Compliant