Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.wso2.carbon.identity.framework/org.wso2.carbon.identity.user.store.configuration.ui@5.25.268

Type maven

Namespace org.wso2.carbon.identity.framework

Name org.wso2.carbon.identity.user.store.configuration.ui

Version 5.25.268

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.5.12

Latest_non_vulnerable_version 7.5.12

Affected_by_vulnerabilities

url VCID-patt-rxvz-r3gj

vulnerability_id VCID-patt-rxvz-r3gj

summary

WSO2 products vulnerable to Cross-site Scripting
A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser to execute arbitrary JavaScript in the context of the vulnerable page.

This vulnerability may allow UI manipulation, redirection to malicious websites, or data exfiltration from the browser. However, since all session-related sensitive cookies are protected with the httpOnly flag, session hijacking is not possible.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-8008

reference_id

reference_type

scores

value	0.00079
scoring_system	epss
scoring_elements	0.23481
published_at	2026-06-08T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23537
published_at	2026-06-07T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23583
published_at	2026-06-06T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.236
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-8008

reference_url

https://github.com/wso2/carbon-identity-framework

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wso2/carbon-identity-framework

reference_url

https://github.com/wso2/carbon-identity-framework/pull/5927

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wso2/carbon-identity-framework/pull/5927

reference_url

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3178

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3178

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-8008

reference_id

CVE-2024-8008

reference_type

scores

value	5.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-8008

reference_url	https://github.com/advisories/GHSA-xpxp-r8hf-wgf6
reference_id	GHSA-xpxp-r8hf-wgf6
reference_type
scores
url	https://github.com/advisories/GHSA-xpxp-r8hf-wgf6

reference_url

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3178/

reference_id

WSO2-2024-3178

reference_type

scores

value	5.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T17:05:11Z/

url

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3178/

fixed_packages

url	pkg:maven/org.wso2.carbon.identity.framework/org.wso2.carbon.identity.user.store.configuration.ui@7.5.12
purl	pkg:maven/org.wso2.carbon.identity.framework/org.wso2.carbon.identity.user.store.configuration.ui@7.5.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.wso2.carbon.identity.framework/org.wso2.carbon.identity.user.store.configuration.ui@7.5.12

aliases CVE-2024-8008, GHSA-xpxp-r8hf-wgf6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-patt-rxvz-r3gj

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wso2.carbon.identity.framework/org.wso2.carbon.identity.user.store.configuration.ui@5.25.268

Package Instance