CVE-2025-10503

Name of the Vulnerable Software and Affected Versions The product name cannot be determined (affected versions not specified)

Description The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting (a flaw where a script is reflected off a web application to the user's browser). An attacker can leverage this to redirect the user's browser to a malicious website, modify the web page user interface, or retrieve information from the browser. Session hijacking is not possible because session-related cookies are protected with the httpOnly flag.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.