WSO2 API Manager < 4.2.0 - Reflected Cross-Site Scripting via TenantDomain Parameter
A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter.