CVE-2025-10503 in Identity Server

Information

Summary

by MITRE • 29.04.2026

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting.

An attacker can leverage this vulnerability to redirect the user's browser to a malicious website, modify the user interface of the web page, retrieve information from the browser, or cause other harmful actions. However, due to the protection of session-related cookies with the httpOnly flag, session hijacking is not possible.

Responsible

WSO2

Reserved

16.09.2025

Disclosure

29.04.2026

Moderation

accepted

Entry

VDB-360101

EPSS

0.00038

KEV

No

Activities

Very low

Sources
