An issue was discovered on WSO2 API Manager before 5.7.0 in the registry UI. A stored cross-site script (XSS) vulnerability allows an attacker to inject malicious code into the application and stored in the server. An input variable was vulnerable to stored XSS is ‘roleToAuthorize’ on the browser page.
*Affected Products: WSO2 API Manager, WSO2 API Manager Analytics, WSO2 IS as Key Manager, WSO2 IS as Key Manager, WSO2 Identity Server, WSO2 Identity Server Analytics