WSO2 Carbon Management Console is vulnerable to Reflected Cross-site scripting(XSS) vulnerability. By interfering with a request parameter in Management Console, a reflected XSS vulnerability can be exploited. Both authorised and unauthenticated queries can use this method.