{"id":"CVE-2021-36760","details":"In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, a DOM-based XSS is possible via the callback parameter: an attacker who can tamper with the URL that precedes the callback parameter can inject JavaScript, which is executed once the username or password reset procedure is completed. (recoverpassword.do also has an open redirect issue for a similar reason.) Note that although this text names Identity Server 5.7.0, the affected data in this record also lists later Identity Server releases, Identity Server as Key Manager, IoT Server and API Manager.","modified":"2026-04-11T12:36:45.828321Z","published":"2021-12-07T21:15:08.297Z","database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:wso2:identity_server:5.10.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"5.10.0"}]},{"cpe":"cpe:2.3:a:wso2:identity_server:5.11.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"5.11.0"}]},{"cpe":"cpe:2.3:a:wso2:identity_server:5.7.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"5.7.0"}]},{"cpe":"cpe:2.3:a:wso2:identity_server:5.8.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"5.8.0"}]},{"cpe":"cpe:2.3:a:wso2:identity_server:5.9.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"5.9.0"}]},{"cpe":"cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"5.10.0"}]},{"cpe":"cpe:2.3:a:wso2:identity_server_as_key_manager:5.3.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"5.3.0"}]},{"cpe":"cpe:2.3:a:wso2:identity_server_as_key_manager:5.5.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"5.5.0"}]},{"cpe":"cpe:2.3:a:wso2:identity_server_as_key_manager:5.6.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"5.6.0"}]},{"cpe":"cpe:2.3:a:wso2:identity_server_as_key_manager:5.7.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"5.7.0"}]},{"cpe":"cpe:2.3:a:wso2:identity_server_as_key_manager:5.9.0:*:*:*:*:*:*:*","source":
"CPE_FIELD","extracted_events":[{"last_affected":"5.9.0"}]},{"cpe":"cpe:2.3:a:wso2:iot_server:3.3.1:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"3.3.1"}]}]},"references":[{"type":"ADVISORY","url":"https://docs.wso2.com/display/Security/2021+Advisories"},{"type":"ADVISORY","url":"https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1314"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wso2/product-apim","events":[{"introduced":"0"},{"last_affected":"727d091683c8199c37f2d19ab3198abee6553904"},{"last_affected":"2971de274564b622974de831403e9688a4a76c14"},{"last_affected":"e4956e9301b1c26eb06e80ec5c86628154b6ab55"},{"last_affected":"cf00d9e6cb083f94abae11818794f62cd5c94079"}],"database_specific":{"cpe":["cpe:2.3:a:wso2:api_manager:3.0.0:*:*:*:*:*:*:*","cpe:2.3:a:wso2:api_manager:3.1.0:*:*:*:*:*:*:*","cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*","cpe:2.3:a:wso2:api_manager:4.0.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"3.0.0"},{"last_affected":"3.1.0"},{"last_affected":"3.2.0"},{"last_affected":"4.0.0"}]}}],"versions":["4.0.0-beta","test-tag-1.9.0-Alpha","v1.9.0","v1.9.0-Alpha","v1.9.0-Beta","v1.9.0-Beta-2","v1.9.0-Beta-3","v1.9.0-M2","v2.0.0-ALPHA","v2.0.0-M4","v2.1.0-alpha","v2.1.0-update1","v2.1.0-update10","v2.1.0-update11","v2.1.0-update12","v2.1.0-update13","v2.1.0-update14","v2.1.0-update2","v2.1.0-update3","v2.1.0-update5","v2.1.0-update7","v2.1.0-update8","v2.1.0-update9","v2.2.0","v2.2.0-update1","v2.2.0-update2","v2.2.0-update3","v2.2.0-update4","v2.2.0-update5","v2.2.0-update6","v2.2.0-update7","v2.5.0","v2.5.0-Alpha","v2.5.0-Beta","v2.5.0-rc1","v2.5.0-rc2","v2.5.0-rc3","v2.5.0-rc4","v2.6.0","v2.6.0-alpha","v2.6.0-alpha2","v2.6.0-beta","v2.6.0-beta2","v2.6.0-m1","v2.6.0-m2","v2.6.0-rc1","v2.6.0-rc2","v2.6.0-rc3","v3.0.0","v3.0.0-alpha","v3.0.0-alpha2","v3.0.0-beta","v3.0.0-m32","v3.0.0-m33","v3.0.0-m34","v3.0.0-m35","v3.0.0-rc1","v3.0.0-rc2","v3
.0.0-rc3","v3.1.0","v3.1.0-alpha","v3.1.0-beta","v3.1.0-m1","v3.1.0-m2","v3.1.0-m3","v3.1.0-m4","v3.1.0-m5","v3.1.0-rc1","v3.1.0-rc2","v3.1.0-rc3","v3.2.0","v3.2.0-alpha","v3.2.0-beta","v3.2.0-m1","v3.2.0-rc1","v3.2.0-rc2","v3.2.0-rc3","v3.2.0-rc4","v3.2.0-rc5","v3.2.0-rc6","v4.0.0","v4.0.0-alpha","v4.0.0-beta","v4.0.0-m1","v4.0.0-m2","v4.0.0-m3","v4.0.0-m4","v4.0.0-m5","v4.0.0-m6","v4.0.0-m7","v4.0.0-m8","v4.0.0-rc"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-36760.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}