IBM WebSphere Application Server SOAP Connector Error Page XSS
Medium Nessus Plugin ID 23649
Synopsis
The remote SOAP server is vulnerable to a cross-site scripting attack.
Description
The remote SOAP server fails to sanitize user input via the URI before using it to generate dynamic XML content in an error page. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrary XML into a user's browser.
Solution
Apply version 5.0.2 Cumulative Fix 17 / 5.1.1 Cumulative Fix 12 / 6.0.2 Fix Pack 9, depending on the installed version of IBM WebSphere Application Server.