CVE-2025-0209

Medium CVSS: 6.1

A reflected cross-site scripting (XSS) vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. A malicious actor can exploit this vulnerability by injecting a crafted payload that is reflected in the server response, enabling the execution of arbitrary JavaScript in the victim's browser.

This vulnerability could allow attackers to redirect users to malicious websites, modify the user interface, or exfiltrate data from the browser. However, session-related sensitive cookies are protected using the httpOnly flag, which mitigates the risk of session hijacking.

Vendor

Wso2

Product

Identity Server

CWE

CWE-79

Yayın Tarihi

2025-09-23 18:15:29

Güncelleme

2025-10-06 13:45:48

Source Identifier

ed10eef1-636d-4fbe-9993-6890dfa878f8

KEV Date Added

Kategoriler

CWE-79 Identity Server MEDIUM Wso2 2025

Referanslar

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3902/

Benzer Kayıtlar

High

CVE-2024-1524

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk…

Critical

CVE-2025-13590

A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the d…

High

CVE-2025-12107

Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject a…

Critical

CVE-2025-9312

A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation used by System REST AP…

High

CVE-2025-6670

A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple WSO2 products due to the use of the HTTP GET method…

Medium

CVE-2025-10853

A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple WSO2 products due to i…