CVE-2024-4867 — Cross-Site Scripting (XSS)
Image via images.unsplash.com
CVE-2024-4867 — The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging thi
What This Means For You
- If your environment is affected by CWE-79, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2024-4867 updates and patches.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2024-4867 | vulnerability | CVE-2024-4867 |
| CWE-79 | weakness | CWE-79 |
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 16, 2026 at 13:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related Posts
Rhysida Ransomware Hits Tennessee Hospital, Leaks 500GB Data
Cookeville Regional Medical Center, a Tennessee-based hospital, fell victim to a significant data breach last year, as reported by SecurityWeek. The notorious Rhysida ransomware group...
DirectoryPress Plugin Flaw Exposes WordPress Sites to SQL Injection
CVE-2026-3489 — The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions...
CVE-2026-3369 — Cross-Site Scripting (XSS)
CVE-2026-3369 — The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions...