AIKIDO-2025-10356
org.wso2.carbon.identity.user.store.configuration.ui is vulnerable to Cross-site Scripting (XSS)
50
Medium Risk
This Affects:
org.wso2.carbon.identity.user.store.configuration.uiTL;DR
Affected versions of this package are vulnerable to cross-site scripting (XSS) due to insufficient output encoding in error messages generated during JDBC user store connection validation. An attacker could exploit this by injecting malicious scripts that may redirect users to malicious sites, manipulate the web page’s UI, steal sensitive information from the browser, or perform other harmful actions.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
org.wso2.carbon.identity.user.store.configuration.ui is vulnerable to Cross-site Scripting (XSS) in versions 5.1.0 - 7.5.11.
How to fix this
Upgrade the org.wso2.carbon.identity.framework:org.wso2.carbon.identity.user.store.configuration.ui library to a patch version.
Links
github.com/wso2/carbon-identity-framework/compare/v7.5.11...v7.5.12
security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3178/
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
SOC 2Compliant
ISO 27001Compliant