CVE-2025-10853 (GCVE-0-2025-10853)
Vulnerability from cvelistv5 – Published: 2025-11-05 19:21 – Updated: 2025-11-05 19:58
VLAI?
Summary
A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS.
Successful exploitation could result in UI manipulation, redirection to malicious websites, or data theft from the browser. However, session-related sensitive cookies are protected with the httpOnly flag, which mitigates the risk of session hijacking.
Severity ?
5.2 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WSO2 | WSO2 Open Banking IAM |
Unknown:
0 , < 2.0.0
(custom)
Affected: 2.0.0 , < 2.0.0.413 (custom) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
crnković
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10853",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T19:51:26.535789Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T19:58:21.875Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WSO2 Open Banking IAM",
"vendor": "WSO2",
"versions": [
{
"lessThan": "2.0.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.0.0.413",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WSO2 API Manager",
"vendor": "WSO2",
"versions": [
{
"lessThan": "3.1.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.1.0.344",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
},
{
"lessThan": "3.2.0.445",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
},
{
"lessThan": "3.2.1.65",
"status": "affected",
"version": "3.2.1",
"versionType": "custom"
},
{
"lessThan": "4.0.0.365",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "4.1.0.227",
"status": "affected",
"version": "4.1.0",
"versionType": "custom"
},
{
"lessThan": "4.2.0.167",
"status": "affected",
"version": "4.2.0",
"versionType": "custom"
},
{
"lessThan": "4.3.0.79",
"status": "affected",
"version": "4.3.0",
"versionType": "custom"
},
{
"lessThan": "4.4.0.43",
"status": "affected",
"version": "4.4.0",
"versionType": "custom"
},
{
"lessThan": "4.5.0.26",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WSO2 Identity Server",
"vendor": "WSO2",
"versions": [
{
"lessThan": "5.10.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.10.0.373",
"status": "affected",
"version": "5.10.0",
"versionType": "custom"
},
{
"lessThan": "5.11.0.417",
"status": "affected",
"version": "5.11.0",
"versionType": "custom"
},
{
"lessThan": "6.0.0.247",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.0.246",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "7.0.0.122",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "7.1.0.29",
"status": "affected",
"version": "7.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WSO2 Open Banking AM",
"vendor": "WSO2",
"versions": [
{
"lessThan": "2.0.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.0.0.393",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WSO2 Identity Server as Key Manager",
"vendor": "WSO2",
"versions": [
{
"lessThan": "5.10.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.10.0.363",
"status": "affected",
"version": "5.10.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WSO2 Enterprise Integrator",
"vendor": "WSO2",
"versions": [
{
"lessThan": "6.6.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "6.6.0.223",
"status": "affected",
"version": "6.6.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WSO2 API Control Plane",
"vendor": "WSO2",
"versions": [
{
"lessThan": "4.5.0.27",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WSO2 Universal Gateway",
"vendor": "WSO2",
"versions": [
{
"lessThan": "4.5.0.25",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WSO2 Traffic Manager",
"vendor": "WSO2",
"versions": [
{
"lessThan": "4.5.0.25",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "org.wso2.carbon.registry:org.wso2.carbon.registry.info.ui",
"product": "org.wso2.carbon.registry:org.wso2.carbon.registry.info.ui",
"vendor": "WSO2",
"versions": [
{
"lessThan": "4.7.32.14",
"status": "affected",
"version": "4.7.32",
"versionType": "custom"
},
{
"lessThan": "4.7.35.11",
"status": "affected",
"version": "4.7.35",
"versionType": "custom"
},
{
"lessThan": "4.7.39.9",
"status": "affected",
"version": "4.7.39",
"versionType": "custom"
},
{
"lessThan": "4.7.51.4",
"status": "affected",
"version": "4.7.51",
"versionType": "custom"
},
{
"lessThan": "4.8.3.9",
"status": "affected",
"version": "4.8.3",
"versionType": "custom"
},
{
"lessThan": "4.8.13.6",
"status": "affected",
"version": "4.8.13",
"versionType": "custom"
},
{
"lessThan": "4.8.32.3",
"status": "affected",
"version": "4.8.32",
"versionType": "custom"
},
{
"lessThan": "4.8.36.1",
"status": "affected",
"version": "4.8.36",
"versionType": "custom"
},
{
"lessThan": "4.8.43.1",
"status": "affected",
"version": "4.8.43",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "4.8.47",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "org.wso2.carbon.registry:org.wso2.carbon.registry.resource.ui",
"product": "org.wso2.carbon.registry:org.wso2.carbon.registry.resource.ui",
"vendor": "WSO2",
"versions": [
{
"lessThan": "4.7.24.7",
"status": "affected",
"version": "4.7.24",
"versionType": "custom"
},
{
"lessThan": "4.7.32.14",
"status": "affected",
"version": "4.7.32",
"versionType": "custom"
},
{
"lessThan": "4.7.33.13",
"status": "affected",
"version": "4.7.33",
"versionType": "custom"
},
{
"lessThan": "4.7.35.11",
"status": "affected",
"version": "4.7.35",
"versionType": "custom"
},
{
"lessThan": "4.7.39.9",
"status": "affected",
"version": "4.7.39",
"versionType": "custom"
},
{
"lessThan": "4.7.51.4",
"status": "affected",
"version": "4.7.51",
"versionType": "custom"
},
{
"lessThan": "4.8.3.9",
"status": "affected",
"version": "4.8.3",
"versionType": "custom"
},
{
"lessThan": "4.8.9.5",
"status": "affected",
"version": "4.8.9",
"versionType": "custom"
},
{
"lessThan": "4.8.12.5",
"status": "affected",
"version": "4.8.12",
"versionType": "custom"
},
{
"lessThan": "4.8.13.6",
"status": "affected",
"version": "4.8.13",
"versionType": "custom"
},
{
"lessThan": "4.8.24.3",
"status": "affected",
"version": "4.8.24",
"versionType": "custom"
},
{
"lessThan": "4.8.32.3",
"status": "affected",
"version": "4.8.32",
"versionType": "custom"
},
{
"lessThan": "4.8.36.1",
"status": "affected",
"version": "4.8.36",
"versionType": "custom"
},
{
"lessThan": "4.8.43.1",
"status": "affected",
"version": "4.8.43",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "4.8.47",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "org.wso2.carbon.governance:org.wso2.carbon.governance.wsdltool.ui",
"product": "org.wso2.carbon.governance:org.wso2.carbon.governance.wsdltool.ui",
"vendor": "WSO2",
"versions": [
{
"lessThan": "4.8.19.5",
"status": "affected",
"version": "4.8.19",
"versionType": "custom"
},
{
"lessThan": "4.8.21.9",
"status": "affected",
"version": "4.8.21",
"versionType": "custom"
},
{
"lessThan": "4.8.28.3",
"status": "affected",
"version": "4.8.28",
"versionType": "custom"
},
{
"lessThan": "4.8.30.3",
"status": "affected",
"version": "4.8.30",
"versionType": "custom"
},
{
"lessThan": "4.8.32.1",
"status": "affected",
"version": "4.8.32",
"versionType": "custom"
},
{
"lessThan": "4.8.33.3",
"status": "affected",
"version": "4.8.33",
"versionType": "custom"
},
{
"lessThan": "4.8.34.3",
"status": "affected",
"version": "4.8.34",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "4.8.35",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "org.wso2.carbon.identity.inbound.auth.oauth2:org.wso2.carbon.identity.oauth.ui",
"product": "org.wso2.carbon.identity.inbound.auth.oauth2:org.wso2.carbon.identity.oauth.ui",
"vendor": "WSO2",
"versions": [
{
"lessThan": "6.4.2.165",
"status": "affected",
"version": "6.4.2",
"versionType": "custom"
},
{
"lessThan": "6.4.111.155",
"status": "affected",
"version": "6.4.111",
"versionType": "custom"
},
{
"lessThan": "6.4.176.28",
"status": "affected",
"version": "6.4.176",
"versionType": "custom"
},
{
"lessThan": "6.4.180.12",
"status": "affected",
"version": "6.4.180",
"versionType": "custom"
},
{
"lessThan": "6.9.6.26",
"status": "affected",
"version": "6.9.6",
"versionType": "custom"
},
{
"lessThan": "6.13.16.19",
"status": "affected",
"version": "6.13.16",
"versionType": "custom"
},
{
"lessThan": "6.13.19.12",
"status": "affected",
"version": "6.13.19",
"versionType": "custom"
},
{
"lessThan": "6.13.27.5",
"status": "affected",
"version": "6.13.27",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.38",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0.349",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wso2:wso2_open_banking_iam:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.0.413",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.0.344",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.0.445",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.1.65",
"versionStartIncluding": "3.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0.0.365",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1.0.227",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.2.0.167",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.0.79",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.0.43",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.0.26",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.0.373",
"versionStartIncluding": "5.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.11.0.417",
"versionStartIncluding": "5.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.0.247",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.0.246",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.0.122",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1.0.29",
"versionStartIncluding": "7.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wso2:wso2_open_banking_am:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.0.393",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wso2:wso2_identity_server_as_key_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.0.363",
"versionStartIncluding": "5.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wso2:wso2_enterprise_integrator:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.0.223",
"versionStartIncluding": "6.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.0.27",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.0.25",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.0.25",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.32.14",
"versionStartIncluding": "4.7.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.35.11",
"versionStartIncluding": "4.7.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.39.9",
"versionStartIncluding": "4.7.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.51.4",
"versionStartIncluding": "4.7.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.3.9",
"versionStartIncluding": "4.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.13.6",
"versionStartIncluding": "4.8.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.32.3",
"versionStartIncluding": "4.8.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.36.1",
"versionStartIncluding": "4.8.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.43.1",
"versionStartIncluding": "4.8.43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*",
"versionEndIncluding": "*",
"versionStartIncluding": "4.8.47",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.24.7",
"versionStartIncluding": "4.7.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.32.14",
"versionStartIncluding": "4.7.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.33.13",
"versionStartIncluding": "4.7.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.35.11",
"versionStartIncluding": "4.7.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.39.9",
"versionStartIncluding": "4.7.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.51.4",
"versionStartIncluding": "4.7.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.3.9",
"versionStartIncluding": "4.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.9.5",
"versionStartIncluding": "4.8.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.12.5",
"versionStartIncluding": "4.8.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.13.6",
"versionStartIncluding": "4.8.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.24.3",
"versionStartIncluding": "4.8.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.32.3",
"versionStartIncluding": "4.8.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.36.1",
"versionStartIncluding": "4.8.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.43.1",
"versionStartIncluding": "4.8.43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*",
"versionEndIncluding": "*",
"versionStartIncluding": "4.8.47",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.governance_org.wso2.carbon.governance.wsdltool.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.19.5",
"versionStartIncluding": "4.8.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.governance_org.wso2.carbon.governance.wsdltool.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.21.9",
"versionStartIncluding": "4.8.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.governance_org.wso2.carbon.governance.wsdltool.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.28.3",
"versionStartIncluding": "4.8.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.governance_org.wso2.carbon.governance.wsdltool.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.30.3",
"versionStartIncluding": "4.8.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.governance_org.wso2.carbon.governance.wsdltool.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.32.1",
"versionStartIncluding": "4.8.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.governance_org.wso2.carbon.governance.wsdltool.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.33.3",
"versionStartIncluding": "4.8.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.governance_org.wso2.carbon.governance.wsdltool.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.34.3",
"versionStartIncluding": "4.8.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.governance_org.wso2.carbon.governance.wsdltool.ui:*:*:*:*:*:*:*:*",
"versionEndIncluding": "*",
"versionStartIncluding": "4.8.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.2.165",
"versionStartIncluding": "6.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.111.155",
"versionStartIncluding": "6.4.111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.176.28",
"versionStartIncluding": "6.4.176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.180.12",
"versionStartIncluding": "6.4.180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.6.26",
"versionStartIncluding": "6.9.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.16.19",
"versionStartIncluding": "6.13.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.19.12",
"versionStartIncluding": "6.13.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.27.5",
"versionStartIncluding": "6.13.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.13.*",
"versionStartIncluding": "6.13.38",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*",
"versionEndIncluding": "*",
"versionStartIncluding": "7.0.349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "crnkovi\u0107"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS.\u003cbr\u003e\u003cbr\u003eSuccessful exploitation could result in UI manipulation, redirection to malicious websites, or data theft from the browser. However, session-related sensitive cookies are protected with the httpOnly flag, which mitigates the risk of session hijacking."
}
],
"value": "A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS.\n\nSuccessful exploitation could result in UI manipulation, redirection to malicious websites, or data theft from the browser. However, session-related sensitive cookies are protected with the httpOnly flag, which mitigates the risk of session hijacking."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T19:21:32.971Z",
"orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"shortName": "WSO2"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4486/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4486/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4486/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
}
],
"value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4486/#solution"
}
],
"source": {
"advisory": "WSO2-2025-4486",
"discovery": "EXTERNAL"
},
"title": "Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"assignerShortName": "WSO2",
"cveId": "CVE-2025-10853",
"datePublished": "2025-11-05T19:21:32.971Z",
"dateReserved": "2025-09-22T10:42:09.872Z",
"dateUpdated": "2025-11-05T19:58:21.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-10853\",\"sourceIdentifier\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"published\":\"2025-11-05T20:15:32.297\",\"lastModified\":\"2025-11-13T15:31:45.670\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS.\\n\\nSuccessful exploitation could result in UI manipulation, redirection to malicious websites, or data theft from the browser. However, session-related sensitive cookies are protected with the httpOnly flag, which mitigates the risk of session hijacking.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_control_plane:4.5.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEEA7DB5-BBF7-44A4-9FB6-0D235A44C680\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1344FB79-0796-445C-A8F3-C03E995925D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E31E32CD-497E-4EF5-B3FC-8718EE06EDAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B58251E8-606B-47C8-8E50-9F9FC8C179BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E21D7ABF-C328-425D-B914-618C7628220B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:4.1.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"51465410-6B7C-40FD-A1AB-A14F650A6AC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:4.2.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"851470CC-22AB-43E4-9CC6-5E22D49B3572\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:4.3.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EBAB99E-6F0F-4CE9-A954-E8878826304C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:4.4.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B3E6207-B2CF-487C-9CB8-906248B665C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:4.5.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D47B760D-5418-4FB0-88F0-3F78BAFF63E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:enterprise_integrator:6.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4A07C73-3E6B-4CF9-BEB9-39C6081C0332\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server:5.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4F126CA-A2F9-44F4-968B-DF71765869E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server:5.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2153AECE-020A-4C01-B2A6-F9F5D98E7EBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server:6.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"32CE7893-AD1A-49E5-BD1A-5E9C2DEB8764\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server:6.1.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA76533A-5BED-4BDC-B348-EB3D3FDFB110\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server:7.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1EFBD0F-9664-4EF3-9908-C72B1318F68F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server:7.1.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5358E6E-8C01-408D-8692-B1A326DC630F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BB34405-A2F1-461A-B51B-E103BB3680A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:open_banking_am:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94347800-04D2-48C4-ACF0-078A5ACBB063\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:open_banking_iam:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7C241A3-8EA0-41E4-ABF3-21B9D8E7A5BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:traffic_manager:4.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7413107-D7B2-49AE-AC46-52E7BFCD6ED8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:universal_gateway:4.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61636553-C25E-44DF-93D7-EB3E1056D1DC\"}]}]}],\"references\":[{\"url\":\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4486/\",\"source\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-10853\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-05T19:51:26.535789Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-05T19:52:57.314Z\"}}], \"cna\": {\"title\": \"Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding\", \"source\": {\"advisory\": \"WSO2-2025-4486\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"crnkovi\\u0107\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.2, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"WSO2\", \"product\": \"WSO2 Open Banking IAM\", \"versions\": [{\"status\": \"unknown\", \"version\": \"0\", \"lessThan\": \"2.0.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"2.0.0\", \"lessThan\": \"2.0.0.413\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WSO2\", \"product\": \"WSO2 API Manager\", \"versions\": [{\"status\": \"unknown\", \"version\": \"0\", \"lessThan\": \"3.1.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3.1.0\", \"lessThan\": \"3.1.0.344\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3.2.0\", \"lessThan\": \"3.2.0.445\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3.2.1\", \"lessThan\": \"3.2.1.65\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.0.0\", \"lessThan\": \"4.0.0.365\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.1.0\", \"lessThan\": \"4.1.0.227\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.2.0\", \"lessThan\": \"4.2.0.167\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.3.0\", \"lessThan\": \"4.3.0.79\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.4.0\", \"lessThan\": \"4.4.0.43\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.5.0\", \"lessThan\": \"4.5.0.26\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WSO2\", \"product\": \"WSO2 Identity Server\", \"versions\": [{\"status\": \"unknown\", \"version\": \"0\", \"lessThan\": \"5.10.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"5.10.0\", \"lessThan\": \"5.10.0.373\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"5.11.0\", \"lessThan\": \"5.11.0.417\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.0.0.247\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.1.0\", \"lessThan\": \"6.1.0.246\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"lessThan\": \"7.0.0.122\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.1.0\", \"lessThan\": \"7.1.0.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WSO2\", \"product\": \"WSO2 Open Banking AM\", \"versions\": [{\"status\": \"unknown\", \"version\": \"0\", \"lessThan\": \"2.0.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"2.0.0\", \"lessThan\": \"2.0.0.393\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WSO2\", \"product\": \"WSO2 Identity Server as Key Manager\", \"versions\": [{\"status\": \"unknown\", \"version\": \"0\", \"lessThan\": \"5.10.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"5.10.0\", \"lessThan\": \"5.10.0.363\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WSO2\", \"product\": \"WSO2 Enterprise Integrator\", \"versions\": [{\"status\": \"unknown\", \"version\": \"0\", \"lessThan\": \"6.6.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.6.0\", \"lessThan\": \"6.6.0.223\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WSO2\", \"product\": \"WSO2 API Control Plane\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.5.0\", \"lessThan\": \"4.5.0.27\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WSO2\", \"product\": \"WSO2 Universal Gateway\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.5.0\", \"lessThan\": \"4.5.0.25\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WSO2\", \"product\": \"WSO2 Traffic Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.5.0\", \"lessThan\": \"4.5.0.25\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WSO2\", \"product\": \"org.wso2.carbon.registry:org.wso2.carbon.registry.info.ui\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.7.32\", \"lessThan\": \"4.7.32.14\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.7.35\", \"lessThan\": \"4.7.35.11\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.7.39\", \"lessThan\": \"4.7.39.9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.7.51\", \"lessThan\": \"4.7.51.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.3\", \"lessThan\": \"4.8.3.9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.13\", \"lessThan\": \"4.8.13.6\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.32\", \"lessThan\": \"4.8.32.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.36\", \"lessThan\": \"4.8.36.1\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.43\", \"lessThan\": \"4.8.43.1\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"4.8.47\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"*\"}], \"packageName\": \"org.wso2.carbon.registry:org.wso2.carbon.registry.info.ui\", \"defaultStatus\": \"unknown\"}, {\"vendor\": \"WSO2\", \"product\": \"org.wso2.carbon.registry:org.wso2.carbon.registry.resource.ui\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.7.24\", \"lessThan\": \"4.7.24.7\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.7.32\", \"lessThan\": \"4.7.32.14\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.7.33\", \"lessThan\": \"4.7.33.13\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.7.35\", \"lessThan\": \"4.7.35.11\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.7.39\", \"lessThan\": \"4.7.39.9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.7.51\", \"lessThan\": \"4.7.51.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.3\", \"lessThan\": \"4.8.3.9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.9\", \"lessThan\": \"4.8.9.5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.12\", \"lessThan\": \"4.8.12.5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.13\", \"lessThan\": \"4.8.13.6\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.24\", \"lessThan\": \"4.8.24.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.32\", \"lessThan\": \"4.8.32.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.36\", \"lessThan\": \"4.8.36.1\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.43\", \"lessThan\": \"4.8.43.1\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"4.8.47\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"*\"}], \"packageName\": \"org.wso2.carbon.registry:org.wso2.carbon.registry.resource.ui\", \"defaultStatus\": \"unknown\"}, {\"vendor\": \"WSO2\", \"product\": \"org.wso2.carbon.governance:org.wso2.carbon.governance.wsdltool.ui\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.8.19\", \"lessThan\": \"4.8.19.5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.21\", \"lessThan\": \"4.8.21.9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.28\", \"lessThan\": \"4.8.28.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.30\", \"lessThan\": \"4.8.30.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.32\", \"lessThan\": \"4.8.32.1\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.33\", \"lessThan\": \"4.8.33.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.34\", \"lessThan\": \"4.8.34.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.8.35\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"*\"}], \"packageName\": \"org.wso2.carbon.governance:org.wso2.carbon.governance.wsdltool.ui\", \"defaultStatus\": \"unknown\"}, {\"vendor\": \"WSO2\", \"product\": \"org.wso2.carbon.identity.inbound.auth.oauth2:org.wso2.carbon.identity.oauth.ui\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.4.2\", \"lessThan\": \"6.4.2.165\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.4.111\", \"lessThan\": \"6.4.111.155\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.4.176\", \"lessThan\": \"6.4.176.28\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.4.180\", \"lessThan\": \"6.4.180.12\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.9.6\", \"lessThan\": \"6.9.6.26\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.13.16\", \"lessThan\": \"6.13.16.19\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.13.19\", \"lessThan\": \"6.13.19.12\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.13.27\", \"lessThan\": \"6.13.27.5\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"6.13.38\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.13.*\"}, {\"status\": \"unaffected\", \"version\": \"7.0.349\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"*\"}], \"packageName\": \"org.wso2.carbon.identity.inbound.auth.oauth2:org.wso2.carbon.identity.oauth.ui\", \"defaultStatus\": \"unknown\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4486/#solution\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: transparent;\\\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4486/#solution\\\"\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4486/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4486/\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS.\\n\\nSuccessful exploitation could result in UI manipulation, redirection to malicious websites, or data theft from the browser. However, session-related sensitive cookies are protected with the httpOnly flag, which mitigates the risk of session hijacking.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS.\u003cbr\u003e\u003cbr\u003eSuccessful exploitation could result in UI manipulation, redirection to malicious websites, or data theft from the browser. However, session-related sensitive cookies are protected with the httpOnly flag, which mitigates the risk of session hijacking.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:wso2:wso2_open_banking_iam:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"2.0.0.413\", \"versionStartIncluding\": \"2.0.0\"}], \"operator\": \"OR\"}, {\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"3.1.0.344\", \"versionStartIncluding\": \"3.1.0\"}, {\"criteria\": \"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"3.2.0.445\", \"versionStartIncluding\": \"3.2.0\"}, {\"criteria\": \"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"3.2.1.65\", \"versionStartIncluding\": \"3.2.1\"}, {\"criteria\": \"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.0.0.365\", \"versionStartIncluding\": \"4.0.0\"}, {\"criteria\": \"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.1.0.227\", \"versionStartIncluding\": \"4.1.0\"}, {\"criteria\": \"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.2.0.167\", \"versionStartIncluding\": \"4.2.0\"}, {\"criteria\": \"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.3.0.79\", \"versionStartIncluding\": \"4.3.0\"}, {\"criteria\": \"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.4.0.43\", \"versionStartIncluding\": \"4.4.0\"}, {\"criteria\": \"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.5.0.26\", \"versionStartIncluding\": \"4.5.0\"}], \"operator\": \"OR\"}, {\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.0.373\", \"versionStartIncluding\": \"5.10.0\"}, {\"criteria\": \"cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.11.0.417\", \"versionStartIncluding\": \"5.11.0\"}, {\"criteria\": \"cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.0.0.247\", \"versionStartIncluding\": \"6.0.0\"}, {\"criteria\": \"cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.0.246\", \"versionStartIncluding\": \"6.1.0\"}, {\"criteria\": \"cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"7.0.0.122\", \"versionStartIncluding\": \"7.0.0\"}, {\"criteria\": \"cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"7.1.0.29\", \"versionStartIncluding\": \"7.1.0\"}], \"operator\": \"OR\"}, {\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:wso2:wso2_open_banking_am:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"2.0.0.393\", \"versionStartIncluding\": \"2.0.0\"}], \"operator\": \"OR\"}, {\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:wso2:wso2_identity_server_as_key_manager:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.0.363\", \"versionStartIncluding\": \"5.10.0\"}], \"operator\": \"OR\"}, {\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:wso2:wso2_enterprise_integrator:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.0.223\", \"versionStartIncluding\": \"6.6.0\"}], \"operator\": \"OR\"}, {\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.5.0.27\", \"versionStartIncluding\": \"4.5.0\"}], \"operator\": \"OR\"}, {\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.5.0.25\", \"versionStartIncluding\": \"4.5.0\"}], \"operator\": \"OR\"}, {\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.5.0.25\", \"versionStartIncluding\": \"4.5.0\"}], \"operator\": \"OR\"}, {\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.7.32.14\", \"versionStartIncluding\": \"4.7.32\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.7.35.11\", \"versionStartIncluding\": \"4.7.35\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.7.39.9\", \"versionStartIncluding\": \"4.7.39\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.7.51.4\", \"versionStartIncluding\": \"4.7.51\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.3.9\", \"versionStartIncluding\": \"4.8.3\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.13.6\", \"versionStartIncluding\": \"4.8.13\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.32.3\", \"versionStartIncluding\": \"4.8.32\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.36.1\", \"versionStartIncluding\": \"4.8.36\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.43.1\", \"versionStartIncluding\": \"4.8.43\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.info.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": false, \"versionEndIncluding\": \"*\", \"versionStartIncluding\": \"4.8.47\"}], \"operator\": \"OR\"}, {\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.7.24.7\", \"versionStartIncluding\": \"4.7.24\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.7.32.14\", \"versionStartIncluding\": \"4.7.32\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.7.33.13\", \"versionStartIncluding\": \"4.7.33\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.7.35.11\", \"versionStartIncluding\": \"4.7.35\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.7.39.9\", \"versionStartIncluding\": \"4.7.39\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.7.51.4\", \"versionStartIncluding\": \"4.7.51\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.3.9\", \"versionStartIncluding\": \"4.8.3\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.9.5\", \"versionStartIncluding\": \"4.8.9\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.12.5\", \"versionStartIncluding\": \"4.8.12\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.13.6\", \"versionStartIncluding\": \"4.8.13\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.24.3\", \"versionStartIncluding\": \"4.8.24\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.32.3\", \"versionStartIncluding\": \"4.8.32\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.36.1\", \"versionStartIncluding\": \"4.8.36\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.43.1\", \"versionStartIncluding\": \"4.8.43\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.registry_org.wso2.carbon.registry.resource.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": false, \"versionEndIncluding\": \"*\", \"versionStartIncluding\": \"4.8.47\"}], \"operator\": \"OR\"}, {\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.governance_org.wso2.carbon.governance.wsdltool.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.19.5\", \"versionStartIncluding\": \"4.8.19\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.governance_org.wso2.carbon.governance.wsdltool.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.21.9\", \"versionStartIncluding\": \"4.8.21\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.governance_org.wso2.carbon.governance.wsdltool.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.28.3\", \"versionStartIncluding\": \"4.8.28\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.governance_org.wso2.carbon.governance.wsdltool.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.30.3\", \"versionStartIncluding\": \"4.8.30\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.governance_org.wso2.carbon.governance.wsdltool.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.32.1\", \"versionStartIncluding\": \"4.8.32\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.governance_org.wso2.carbon.governance.wsdltool.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.33.3\", \"versionStartIncluding\": \"4.8.33\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.governance_org.wso2.carbon.governance.wsdltool.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.34.3\", \"versionStartIncluding\": \"4.8.34\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.governance_org.wso2.carbon.governance.wsdltool.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"*\", \"versionStartIncluding\": \"4.8.35\"}], \"operator\": \"OR\"}, {\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.4.2.165\", \"versionStartIncluding\": \"6.4.2\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.4.111.155\", \"versionStartIncluding\": \"6.4.111\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.4.176.28\", \"versionStartIncluding\": \"6.4.176\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.4.180.12\", \"versionStartIncluding\": \"6.4.180\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.9.6.26\", \"versionStartIncluding\": \"6.9.6\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.13.16.19\", \"versionStartIncluding\": \"6.13.16\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.13.19.12\", \"versionStartIncluding\": \"6.13.19\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.13.27.5\", \"versionStartIncluding\": \"6.13.27\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": false, \"versionEndIncluding\": \"6.13.*\", \"versionStartIncluding\": \"6.13.38\"}, {\"criteria\": \"cpe:2.3:a:wso2:org.wso2.carbon.identity.inbound.auth.oauth2_org.wso2.carbon.identity.oauth.ui:*:*:*:*:*:*:*:*\", \"vulnerable\": false, \"versionEndIncluding\": \"*\", \"versionStartIncluding\": \"7.0.349\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"providerMetadata\": {\"orgId\": \"ed10eef1-636d-4fbe-9993-6890dfa878f8\", \"shortName\": \"WSO2\", \"dateUpdated\": \"2025-11-05T19:21:32.971Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-10853\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-05T19:58:21.875Z\", \"dateReserved\": \"2025-09-22T10:42:09.872Z\", \"assignerOrgId\": \"ed10eef1-636d-4fbe-9993-6890dfa878f8\", \"datePublished\": \"2025-11-05T19:21:32.971Z\", \"assignerShortName\": \"WSO2\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…