IBM WebSphere Application Server 7.0 < 7.0.0.45 / 8.0 < 8.0.0.14 / 8.5 < 8.5.5.12 / 9.0 < 9.0.0.5 Unspecified XSS (PI82078)
Medium Nessus Plugin ID 102199
Synopsis
The remote web application server is affected by a cross-site scripting vulnerability.
Description
The version of IBM WebSphere Application Server running on the remote host is 7.0 prior to 7.0.0.45, 8.0 prior to 8.0.0.14, 8.5 prior to 8.5.5.12, or 9.0 prior to 9.0.0.5. It is, therefore, affected by a cross-site scripting flaw because the Admin Console does not validate unspecified input before returning it to users. This may allow a remote attacker to create a specially crafted request that will execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Solution
Apply IBM WebSphere Application Server version 7.0 Fix Pack 45 (7.0.0.45) (targeted availability 2Q 2018) / 8.0 Fix Pack 14 (8.0.0.14) (targeted availability 16 October 2017) / 8.5 Fix Pack 12 (8.5.5.12) / 9.0 Fix Pack 5 (9.0.0.5) (targeted availability 29 September 2017) or later. Alternatively, apply the appropriate Interim Fix PI82078 as recommended in the vendor advisory.