IBM API Connect is a suite of integrated solutions for managing the lifecycle of APIs from IBM USA. The product supports the creation, operation, management and protection of APIs and microservices, etc. A cross-site scripting vulnerability exists in IBM API Connect. The vulnerability stems from the lack of proper validation of client-side data in the WEB application, which can be exploited by attackers to lure users into clicking on the execution of client-side code to steal user cookie credentials.