XSS Reflected in WSO2 Identity Server
|Title|XSS Reflected in WSO2 Identity Server|
|Class|XSS Reflected, HTML Injection|
WSO2 Identity Server 5.10.0.
Other product versions are probably also vulnerable, but they were not checked.
Proof of Concept
The login URL is composed as follows:
After the “tenantDomain” field, you can enter HTML code that will be inserted into the response page.
Below is the GET request to the login page.
The server response with the executed XSS code:
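A defender-side check for the pattern this proof of concept describes, as an added example that is not part of the original advisory or of WSO2's code: it scans access-log lines for requests whose “tenantDomain” value is anything other than a plain domain name, decoding repeated percent-encoding first. The `/login-placeholder` path, the log lines and the rule that a tenant domain contains only letters, digits, dots and hyphens are assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: a legitimate tenant domain is a plain DNS-style name.
TENANT_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")
# Request line as it appears in common/combined access-log format.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_tenant_values(request_target):
    """Return decoded tenantDomain values that are not plain domain names."""
    hits = []
    query = urlsplit(request_target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() != "tenantdomain":
            continue
        value = fully_decode(value)  # parse_qsl already decoded one layer
        if value and not TENANT_RE.fullmatch(value):
            hits.append(value)
    return hits

def scan(log_lines):
    """Return (line_number, decoded_value) for every suspicious request."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            findings.extend((number, v) for v in suspicious_tenant_values(match.group(1)))
    return findings

# Constructed sample log lines (documentation IP range, placeholder path).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2020:10:00:00 +0000] "GET /login-placeholder?tenantDomain=carbon.super HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2020:10:00:07 +0000] "GET /login-placeholder?tenantDomain=carbon.super%3Ch1%3Einjected%3C%2Fh1%3E HTTP/1.1" 200 5188',
    '203.0.113.9 - - [01/Jan/2020:10:00:09 +0000] "GET /login-placeholder?tenantDomain=carbon.super%253Cb%253Ex%253C%252Fb%253E HTTP/1.1" 200 5170',
    '203.0.113.5 - - [01/Jan/2020:10:00:11 +0000] "GET /favicon.ico HTTP/1.1" 200 318',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: tenantDomain={value!r}")
```

The same allowlist can be applied server-side to reject the request before the value reaches the page template.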