Wso2 Org.wso2.carbon:org.wso2.carbon.ui
3 CVEs affecting Wso2 Org.wso2.carbon:org.wso2.carbon.ui. Latest disclosed: 2025-11-18. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-6670 | High | 8.8 | 2025-11-18 | A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple WSO2 products due to the use of the HTTP GET method for state-changing operations within a… |
CVE-2025-5350 | Medium | 5.9 | 2025-10-24 | SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users… |
CVE-2025-5605 | Medium | 4.3 | 2025-10-24 | An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate… |