Filtered by vendor Wso2
Filtered by product Wso2 Carbon Api Gateway
Total: 1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8154 | 1 Wso2 | 6 Wso2 Api Control Plane, Wso2 Api Manager, Wso2 Carbon Api Gateway and 3 more | 2026-05-11 | 5.3 Medium |

CVE-2025-8154 description: In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP response headers. This can lead to various adverse effects, including the manipulation of browser caching, alteration of security-related headers, and the injection of sensitive information such as cookie values, potentially enabling session hijacking or other malicious activities.