CVE-2025-10853 | WSO2 Open Banking IAM Management Console cross site scripting

A vulnerability classified as problematic has been found in WSO2 Open Banking IAM, API Manager, Identity Server, Open Banking AM, Identity Server as Key Manager, Enterprise Integrator, API Control Plane, Universal Gateway, Traffic Manager, org.wso2.carbon.registry:org.wso2.carbon.registry.info.ui, org.wso2.carbon.registry:org.wso2.carbon.registry.resource.ui, org.wso2.carbon.governance:org.wso2.carbon.governance.wsdltool.ui and org.wso2.carbon.identity.inbound.auth.oauth2:org.wso2.carbon.identity.oauth.ui. This vulnerability affects unknown code of the component Management Console. Performing manipulation results in cross site scripting.

This vulnerability was named CVE-2025-10853. The attack needs to be approached within the local network. There is no available exploit.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More