The Symantec Layer7 API Management OAuth Toolkit (OTK) is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can craft a malicious URL and target OTK users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious code into the user’s client browser in one of the OAuth flows.
Release: Versions of OAuth Toolkit prior to 4.4.x
If you are running Portal prior to 4.4.x, please upgrade to OAuth Toolkit 4.5.