The host is installed with WSO2 API Manager 3.1.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the applications which fails to properly handle unspecified vectors. Successful exploitation allows attackers to hijack a logged-in users password and invalidate the session of the victim while the hacker maintains access.