The Symantec Layer7 API Management OAuth Toolkit (OTK) is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can craft a malicious URL and target OTK users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious code into the user’s client browser in one of the OAuth flows.
Release: Versions of OAuth Toolkit prior to 4.4.x
If you are running Portal prior to 4.4.x, please upgrade to OAuth Toolkit 4.5.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/Reflected-XSS-Vulnerability-in-Layer7-OAuth-Toolkit-OTK-/20170