Bhagyasakalanka

#43431 of 53,633
6.1 Total CVSS
Vulnerabilities · 1
PT-2022-27435
6.1
2022-12-15
Wso2 · Wso2 Carbon-Registry · CVE-2022-4521
**Name of the Vulnerable Software and Affected Versions**

WSO2 carbon-registry versions up to 4.8.6

**Description**

A vulnerability has been found in WSO2 carbon-registry, affecting an unknown part of the component Request Parameter Handler. The manipulation of the argument `parentPath/path/username/path/profile menu` leads to cross-site scripting. It is possible to initiate the attack remotely.

**Recommendations**

For WSO2 carbon-registry versions up to 4.8.6, upgrade to version 4.8.7 to address this issue. As a temporary workaround, consider restricting access to the vulnerable `Request Parameter Handler` component until a patch is applied. Avoid using the argument `parentPath/path/username/path/profile menu` in the affected component until the issue is resolved.