CVE-2021-30650

Summary

A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious code into the OTK web UI client application.

Affected Software

VendorProductVersion RangeStatus
n/aLayer7 API Management OAuth Toolkit (OTK)OTK 4.4.x and earlieraffected

Weaknesses

  • Cross-site scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References