PT-2025-45160 · Wso2 · Wso2 Products

Crnković · Published 2025-11-05 · Updated 2025-11-13 · CVE-2025-10853

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: WSO2 products (affected versions not specified)

Description: A reflected cross-site scripting (XSS) issue exists in the management console of multiple WSO2 products because of improper output encoding. A malicious actor can inject arbitrary JavaScript into the response by manipulating specific parameters, resulting in reflected XSS. Successful exploitation could lead to UI manipulation, redirection to malicious websites, or data theft from the browser. Session-related sensitive cookies are protected with the httpOnly flag, which reduces the risk of session hijacking.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-10853

Affected Products: Wso2 Products