First published: Fri Feb 18 2022(Updated: )
A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious code into the OTK web UI client application.
Credit: secure@symantec.com
Affected Software | Affected Version | How to fix |
---|---|---|
Broadcom Layer7 Api Management Oauth Toolkit | <4.4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.