CVE-2025-5770

Name of the Vulnerable Software and Affected Versions WSO2 products (affected versions not specified)

Description A reflected cross-site scripting (XSS) issue exists in the authentication endpoints of WSO2 products because of insufficient output encoding. An attacker can inject JavaScript payloads into the authentication endpoint, which are then reflected in the response, potentially leading to browser-based attacks. Exploitation could result in redirection to malicious websites, UI manipulation, or unauthorized data access from the victim’s browser. Session cookies are protected with the httpOnly flag, which limits the risk of session hijacking through this method. The vulnerable endpoints are the authentication endpoints.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.