The host is running IBM WebSphere Application Server and is prone to cross-site scripting vulnerability.
Successful exploitation will let remote attackers to inject malicious script into a Web page. Further an attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. Impact Level: Application
For WebSphere Application Server 6.1: Apply the latest Fix Pack (126.96.36.199 or later) or APAR PK92057 For WebSphere Application Server 7.1: Apply the latest Fix Pack (188.8.131.52 or later) or APAR PK92057 For updates refer to http://www.ibm.com/support/docview.wss?uid=swg1PK92057
The flaw is caused by improper validation of user-supplied input in the Administration Console, which allows the remote attacker to inject malicious script into a Web page.
IBM WebSphere Application Server (WAS) version 7.1 before 184.108.40.206 IBM WebSphere Application Server (WAS) version 6.1 before 220.127.116.11