CVE-2019-20438: Stored XSS in WSO2 API Manager 2.6.0