CVE-2025-0209

Name of the Vulnerable Software and Affected Versions WSO2 Identity Server (affected versions not specified)

Description A reflected cross-site scripting (XSS) issue exists in the account registration process. This is due to improper output encoding, allowing a malicious actor to inject a crafted payload that is reflected in the server response, potentially leading to the execution of arbitrary JavaScript in a victim’s browser. This could allow attackers to redirect users to malicious websites, modify the user interface, or exfiltrate data from the browser. Session-related sensitive cookies are protected using the httpOnly flag, which reduces the risk of session hijacking.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.