Cross-site Scripting (XSS) – Reflected

# Description
A reflected cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary external JavaScript code in the browser.
The application contains an XSS vulnerability in its API:

Payload: “>

- `GET /system/api/restApiViewer`: passing an XSS payload in any parameter leads to an XSS vulnerability.
- `GET /system/api/graphqlViewer`: passing an XSS payload in the `apiKey` parameter leads to an XSS vulnerability.
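
The fix for this class of bug is output encoding at the point of reflection. The sketch below is an added example, not the application's code: it shows a hypothetical viewer page that echoes request parameters into attributes, first verbatim and then encoded. The function names, the hidden-input markup and the inert `<b>` probe are assumptions made for illustration.

```javascript
// Added example, not the application's code: a hypothetical viewer page that
// echoes request parameters back into HTML attributes.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: names and values are concatenated into markup verbatim.
function renderViewerUnsafe(params) {
  let html = '<form id="viewer">';
  for (const [name, value] of params) {
    html += `<input type="hidden" name="${name}" value="${value}">`;
  }
  return html + '</form>';
}

// Hardened pattern: every reflected name and value is encoded on output.
function renderViewerSafe(params) {
  let html = '<form id="viewer">';
  for (const [name, value] of params) {
    html += `<input type="hidden" name="${escapeHtml(name)}" value="${escapeHtml(value)}">`;
  }
  return html + '</form>';
}

// Count element start tags. With one parameter the page should contain exactly
// two (<form> and <input>); more means the input created markup of its own.
function countStartTags(html) {
  return (html.match(/<[A-Za-z]/g) || []).length;
}

// Constructed, inert probe: the `">` prefix from the report plus a harmless <b> tag.
const probe = new URLSearchParams({ apiKey: '"><b>probe</b>' });

console.log('unsafe start tags:', countStartTags(renderViewerUnsafe(probe)));
console.log('safe start tags:  ', countStartTags(renderViewerSafe(probe)));
console.log(renderViewerSafe(probe));
```

Because `renderViewerSafe` encodes parameter names as well as values, the same routine covers an endpoint that reflects any parameter and one that reflects only `apiKey`.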

# Proof of Concept
```
https://drive.google.com/file/d/1QS4ayL3Wngxd0Vqf9l8kob9pKomFJV4X/view?usp=share_link
```
