CVE-2025-5770
published 2025-11-05


Priority: P4 (27)
CVSS 3.1: 6.1 (medium), vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.18% (7.8th percentile)
A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling browser-based attacks. Exploitation may result in redirection to malicious websites, UI manipulation, or unauthorized data access from the victim’s browser. However, session-related cookies are protected with the httpOnly flag, which mitigates session hijacking via this vector.

Affected

18 ranges

Vendor  Product                  Version range           Fixed in
wso2    wso2_api_control_plane   >= 4.5.0 < 4.5.0.11     4.5.0.11
wso2    wso2_api_manager         >= 4.2.0 < 4.2.0.150    4.2.0.150
wso2    wso2_api_manager         >= 4.3.0 < 4.3.0.63     4.3.0.63
wso2    wso2_api_manager         >= 4.4.0 < 4.4.0.26     4.4.0.26
wso2    wso2_api_manager         >= 4.5.0 < 4.5.0.10     4.5.0.10
wso2    wso2_identity_server     >= 6.0.0 < 6.0.0.247    6.0.0.247
wso2    wso2_identity_server     >= 6.1.0 < 6.1.0.246    6.1.0.246
wso2    wso2_identity_server     >= 7.0.0 < 7.0.0.122    7.0.0.122
wso2    wso2_identity_server     >= 7.1.0 < 7.1.0.29     7.1.0.29
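The affected ranges above are easy to misread when matched by string comparison (4.5.0.9 sorts after 4.5.0.10 as text). The following is an added helper, not cvebase or WSO2 code, that checks an inventory entry against the ranges listed for this CVE using numeric comparison of the four-part update versions; product names and bounds are copied from the table, the sample inventory is constructed.

```python
"""Check whether a WSO2 product version falls inside one of the
affected ranges listed for CVE-2025-5770 (added helper; ranges copied
from the table above, nothing here is cvebase or WSO2 code)."""
import re

# (product, inclusive lower bound, exclusive upper bound == "Fixed in")
AFFECTED_RANGES = [
    ("wso2_api_control_plane", "4.5.0", "4.5.0.11"),
    ("wso2_api_manager", "4.2.0", "4.2.0.150"),
    ("wso2_api_manager", "4.3.0", "4.3.0.63"),
    ("wso2_api_manager", "4.4.0", "4.4.0.26"),
    ("wso2_api_manager", "4.5.0", "4.5.0.10"),
    ("wso2_identity_server", "6.0.0", "6.0.0.247"),
    ("wso2_identity_server", "6.1.0", "6.1.0.246"),
    ("wso2_identity_server", "7.0.0", "7.0.0.122"),
    ("wso2_identity_server", "7.1.0", "7.1.0.29"),
]


def parse_version(v: str) -> tuple:
    """Turn '4.5.0.10' into (4, 5, 0, 10) for numeric comparison.
    Plain string comparison would rank '4.5.0.9' above '4.5.0.10'.
    Missing trailing components count as 0: '4.5.0' == '4.5.0.0'."""
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        raise ValueError(f"not a dotted numeric version: {v!r}")
    parts = tuple(int(p) for p in v.split("."))
    return parts + (0,) * (4 - len(parts))


def affected_range(product: str, version: str):
    """Return the (lower, fixed) pair whose range contains `version`.
    None means no listed range matched; for a minor line the table does
    not mention (e.g. 4.6.0) that is 'not listed', not 'known safe'."""
    ver = parse_version(version)
    for prod, low, fixed in AFFECTED_RANGES:
        if prod == product and parse_version(low) <= ver < parse_version(fixed):
            return (low, fixed)
    return None


def minimum_fix(product: str, version: str):
    """The 'Fixed in' build to update to, or None if no range matched."""
    hit = affected_range(product, version)
    return hit[1] if hit else None


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for prod, ver in [("wso2_api_manager", "4.5.0.9"),
                      ("wso2_api_manager", "4.5.0.10"),
                      ("wso2_identity_server", "7.1.0.29")]:
        print(prod, ver, "->", minimum_fix(prod, ver) or "no listed range matched")
```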