CVE-2025-8591 Reflected Cross-Site Scripting via URL Parameter in Multiple WSO2 Products Enables UI Modification
The software accepts user-supplied input via a URL parameter without adequate output encoding before reflecting it back to the user's browser. This condition allows an attacker to inject malicious script content into pages served by the application. By leveraging this weakness, an attacker can...