{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4760", "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "state": "PUBLISHED", "assignerShortName": "WSO2", "dateReserved": "2025-05-15T10:20:31.569Z", "datePublished": "2025-09-23T14:55:04.917Z", "dateUpdated": "2025-09-23T19:58:26.062Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "WSO2 API Manager", "vendor": "WSO2", "versions": [{"lessThan": "3.2.0", "status": "unknown", "version": "0", "versionType": "custom"}, {"lessThan": "3.2.0.428", "status": "affected", "version": "3.2.0", "versionType": "custom"}, {"lessThan": "3.2.1.48", "status": "affected", "version": "3.2.1", "versionType": "custom"}, {"lessThan": "4.1.0.209", "status": "affected", "version": "4.1.0", "versionType": "custom"}, {"lessThan": "4.2.0.145", "status": "affected", "version": "4.2.0", "versionType": "custom"}, {"lessThan": "4.3.0.60", "status": "affected", "version": "4.3.0", "versionType": "custom"}, {"lessThan": "4.4.0.23", "status": "affected", "version": "4.4.0", "versionType": "custom"}, {"lessThan": "4.5.0.7", "status": "affected", "version": "4.5.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "WSO2 API Control Plane", "vendor": "WSO2", "versions": [{"lessThan": "4.5.0.8", "status": "affected", "version": "4.5.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "WSO2 Universal Gateway", "vendor": "WSO2", "versions": [{"lessThan": "4.5.0.7", "status": "affected", "version": "4.5.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "WSO2 Traffic Manager", "vendor": "WSO2", "versions": [{"lessThan": "4.5.0.7", "status": "affected", "version": "4.5.0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "packageName": "org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.api", "product": "WSO2 Carbon API Management API", "vendor": "WSO2", "versions": [{"lessThan": "6.7.206.559", "status": "affected", "version": "6.7.206", "versionType": "custom"}, {"lessThan": "6.7.210.48", "status": "affected", "version": "6.7.210", "versionType": "custom"}, {"lessThan": "9.20.74.365", "status": "affected", "version": "9.20.74", "versionType": "custom"}, {"lessThan": "9.28.116.321", "status": "affected", "version": "9.28.116", "versionType": "custom"}, {"lessThan": "9.29.120.163", "status": "affected", "version": "9.29.120", "versionType": "custom"}, {"lessThan": "9.30.67.80", "status": "affected", "version": "9.30.67", "versionType": "custom"}, {"lessThan": "9.31.86.30", "status": "affected", "version": "9.31.86", "versionType": "custom"}, {"lessThanOrEqual": "*", "status": "unaffected", "version": "9.31.117", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Ph\u1ea1m H\u1ed3 Anh D\u0169ng"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript, which is later rendered in the browser when accessed by other users.<br><br>A successful attack could result in redirection to malicious websites, unauthorized UI modifications, or exfiltration of browser-accessible data. However, session-related sensitive cookies are protected by the httpOnly flag, preventing session hijacking.<br>"}], "value": "An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript, which is later rendered in the browser when accessed by other users.\n\nA successful attack could result in redirection to malicious websites, unauthorized UI modifications, or exfiltration of browser-accessible data. However, session-related sensitive cookies are protected by the httpOnly flag, preventing session hijacking."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "shortName": "WSO2", "dateUpdated": "2025-09-23T14:55:04.917Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4104/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: transparent;\">Follow the instructions given on </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4104/#solution\"><span style=\"background-color: transparent;\">https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4104/#solution</span></a> <br>"}], "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4104/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4104/#solution"}], "source": {"advisory": "WSO2-2025-4104", "discovery": "EXTERNAL"}, "title": "Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-23T19:58:20.115874Z", "id": "CVE-2025-4760", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-23T19:58:26.062Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4760", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-23T19:58:20.115874Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-23T19:58:23.129Z"}}], "cna": {"title": "Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher", "source": {"advisory": "WSO2-2025-4104", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Ph\u1ea1m H\u1ed3 Anh D\u0169ng"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WSO2", "product": "WSO2 API Manager", "versions": [{"status": "unknown", "version": "0", "lessThan": "3.2.0", "versionType": "custom"}, {"status": "affected", "version": "3.2.0", "lessThan": "3.2.0.428", "versionType": "custom"}, {"status": "affected", "version": "3.2.1", "lessThan": "3.2.1.48", "versionType": "custom"}, {"status": "affected", "version": "4.1.0", "lessThan": "4.1.0.209", "versionType": "custom"}, {"status": "affected", "version": "4.2.0", "lessThan": "4.2.0.145", "versionType": "custom"}, {"status": "affected", "version": "4.3.0", "lessThan": "4.3.0.60", "versionType": "custom"}, {"status": "affected", "version": "4.4.0", "lessThan": "4.4.0.23", "versionType": "custom"}, {"status": "affected", "version": "4.5.0", "lessThan": "4.5.0.7", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "WSO2", "product": "WSO2 API Control Plane", "versions": [{"status": "affected", "version": "4.5.0", "lessThan": "4.5.0.8", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "WSO2", "product": "WSO2 Universal Gateway", "versions": [{"status": "affected", "version": "4.5.0", "lessThan": "4.5.0.7", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "WSO2", "product": "WSO2 Traffic Manager", "versions": [{"status": "affected", "version": "4.5.0", "lessThan": "4.5.0.7", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "WSO2", "product": "WSO2 Carbon API Management API", "versions": [{"status": "affected", "version": "6.7.206", "lessThan": "6.7.206.559", "versionType": "custom"}, {"status": "affected", "version": "6.7.210", "lessThan": "6.7.210.48", "versionType": "custom"}, {"status": "affected", "version": "9.20.74", "lessThan": "9.20.74.365", "versionType": "custom"}, {"status": "affected", "version": "9.28.116", "lessThan": "9.28.116.321", "versionType": "custom"}, {"status": "affected", "version": "9.29.120", "lessThan": "9.29.120.163", "versionType": "custom"}, {"status": "affected", "version": "9.30.67", "lessThan": "9.30.67.80", "versionType": "custom"}, {"status": "affected", "version": "9.31.86", "lessThan": "9.31.86.30", "versionType": "custom"}, {"status": "unaffected", "version": "9.31.117", "versionType": "custom", "lessThanOrEqual": "*"}], "packageName": "org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.api", "defaultStatus": "unknown"}], "solutions": [{"lang": "en", "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4104/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4104/#solution", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: transparent;\">Follow the instructions given on </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4104/#solution\"><span style=\"background-color: transparent;\">https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4104/#solution</span></a> <br>", "base64": false}]}], "references": [{"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4104/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript, which is later rendered in the browser when accessed by other users.\n\nA successful attack could result in redirection to malicious websites, unauthorized UI modifications, or exfiltration of browser-accessible data. However, session-related sensitive cookies are protected by the httpOnly flag, preventing session hijacking.", "supportingMedia": [{"type": "text/html", "value": "An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript, which is later rendered in the browser when accessed by other users.<br><br>A successful attack could result in redirection to malicious websites, unauthorized UI modifications, or exfiltration of browser-accessible data. However, session-related sensitive cookies are protected by the httpOnly flag, preventing session hijacking.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "shortName": "WSO2", "dateUpdated": "2025-09-23T14:55:04.917Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4760", "state": "PUBLISHED", "dateUpdated": "2025-09-23T19:58:26.062Z", "dateReserved": "2025-05-15T10:20:31.569Z", "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "datePublished": "2025-09-23T14:55:04.917Z", "assignerShortName": "WSO2"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wso2:api_control_plane:4.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "DEEA7DB5-BBF7-44A4-9FB6-0D235A44C680", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E31E32CD-497E-4EF5-B3FC-8718EE06EDAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:api_manager:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B58251E8-606B-47C8-8E50-9F9FC8C179BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:api_manager:4.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "51465410-6B7C-40FD-A1AB-A14F650A6AC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:api_manager:4.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "851470CC-22AB-43E4-9CC6-5E22D49B3572", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:api_manager:4.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "9EBAB99E-6F0F-4CE9-A954-E8878826304C", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:api_manager:4.4.0:-:*:*:*:*:*:*", "matchCriteriaId": "0B3E6207-B2CF-487C-9CB8-906248B665C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:api_manager:4.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "D47B760D-5418-4FB0-88F0-3F78BAFF63E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:traffic_manager:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C7413107-D7B2-49AE-AC46-52E7BFCD6ED8", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:universal_gateway:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "61636553-C25E-44DF-93D7-EB3E1056D1DC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript, which is later rendered in the browser when accessed by other users.\n\nA successful attack could result in redirection to malicious websites, unauthorized UI modifications, or exfiltration of browser-accessible data. However, session-related sensitive cookies are protected by the httpOnly flag, preventing session hijacking."}], "id": "CVE-2025-4760", "lastModified": "2025-11-21T21:29:56.007", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "type": "Secondary"}]}, "published": "2025-09-23T15:15:31.063", "references": [{"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "tags": ["Vendor Advisory"], "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4104/"}], "sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "type": "Secondary"}]}

{}