Vulnerabilities > Wso2 > API Manager > 4.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-23 | CVE-2023-31664 | Cross-site Scripting vulnerability in Wso2 API Manager A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter. | 6.1 |