This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote web application server is affected by an XSS vulnerability.
The IBM WebSphere Application Server running on the remote host is
version 7.0 prior to 220.127.116.11, 8.0 prior to 18.104.22.168, or 8.5 prior to
22.214.171.124. It is, therefore, potentially affected by a reflected
cross-site scripting (XSS) vulnerability due to a failure to properly
validate output from the OAuth provider before returning it to users.
An authenticated, remote attacker can exploit this, via a specially
crafted URL, to execute arbitrary script code in a user's browser
session within the security context of the hosting website.
Solution :
Apply IBM WebSphere Application Server version 7.0 Fix Pack 41
(126.96.36.199) / 8.0 Fix Pack 12 (188.8.131.52) / 8.5 Fix Pack 9 (184.108.40.206) or
later. Alternatively, apply the appropriate Interim Fixes as
recommended in the vendor advisory.
Risk factor :
Low / CVSS Base Score : 3.5
CVSS Temporal Score : 2.9
Public Exploit Available : true