adilkhan7

1 exploit Active since May 2023
CVE-2023-31664 NOMISEC MEDIUM WORKING POC
WSO2 API Manager < 4.2.0 - Reflected Cross-Site Scripting via TenantDomain Parameter
A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter.
2 stars
CVSS 6.1