An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product.
{ "versions": [ { "introduced": "0" }, { "last_affected": "2.6.0" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20737.json"
[ { "events": [ { "introduced": "0" }, { "last_affected": "5.7.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.7.0" } ] } ]