WSO2 Identity Server (IS) is an identity server from WSO2, Inc. A security vulnerability exists in WSO2 Identity Server, which stems from the fact that in WSO2 Identity Server 5.7.0, a dom-based XSS attack can be executed that affects the callback parameter modifying the callback parameter before the After the username or password reset process is complete, JavaScript code is executed. (recoverpassword. For similar reasons, Do also has an open redirect issue.) . No detailed vulnerability details are currently available.