WSO2 Identity Server prior to 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers.
wso2 identity server