Is CVE-2024-10242 actively exploited?

CVE-2024-10242 has no public evidence of in-the-wild exploitation as of 2026-04-23.

What is the CVSS score for CVE-2024-10242?

CVE-2024-10242 has a CVSS score of 6.1 (MEDIUM severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

How do I patch CVE-2024-10242?

Patch guidance is available from wso2 security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-10242.

Which products are affected by CVE-2024-10242?

2 products: wso2 api manager, wso2 api manager.

CVE-2024-10242 - remediation guidance & executive summary

Description

The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim's browser. Successful exploitation can enable an attacker to redirect the user's browser to a malicious website, modify the UI of the web page, or retrieve information from the browser. However, the impact is limited as session-related sensitive cookies are protected by the httpOnly flag, preventing session hijacking.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: required
Scope: changed
Confidentiality: low
Integrity: low
Availability: none
Weaknesses: CWE-79 · Cross-site Scripting (XSS)

Metadata

Primary Vendor: WSO2
Published: 4/16/2026
Last Modified: 4/23/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2024-10242

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary