1. Home
  2. CVE Database
  3. CVE-2024-10242
MEDIUM · 6.1

CVE-2024-10242

The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input param...

Vulnerability Description

The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim's browser. Successful exploitation can enable an attacker to redirect the user's browser to a malicious website, modify the UI of the web page, or retrieve information from the browser. However, the impact is limited as session-related sensitive cookies are protected by the httpOnly flag, preventing session hijacking.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
Wso2Api Manager>= 3.2.0, < 3.2.0.401

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2024-10242?

CVE-2024-10242 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input param...

How severe is CVE-2024-10242?

CVE-2024-10242 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-10242?

Check the references section above for vendor advisories and patch information. Affected products include: Wso2 Api Manager.