org.wso2.carbon.identity.application.authentication.framework is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the authenticationEndpointURL
parameter in readAuthenticationEndpointURL
function of FileBasedConfigurationBuilder.java