Description

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this vulnerability to redirect the user's browser to a malicious website, modify the user interface of the web page, retrieve information from the browser, or cause other harmful actions. However, due to the protection of session-related cookies with the httpOnly flag, session hijacking is not possible.

INFO

Published Date :

2026-04-29T08:08:37.335Z

Last Modified :

2026-04-29T12:28:52.278Z

Source :

WSO2
AFFECTED PRODUCTS

The following products are affected by CVE-2025-10503 vulnerability.

Vendors Products
Wso2
  • Wso2 Identity Server
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-10503.

URL Resource
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4577/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact