Remobjects · Remobjects Remoting Sdk For Delphi · CVE-2017-16665
**Name of the Vulnerable Software and Affected Versions**
RemObjects Remoting SDK for Delphi version 9 1.0.0.0
**Description**
The issue allows for a reflected Cross Site Scripting (XSS) attack. This is achieved via the `service` parameter to the "/soap" URI, which triggers an invalid attempt to generate WSDL.
**Recommendations**
For version 9 1.0.0.0, consider restricting access to the "/soap" URI to minimize the risk of exploitation. As a temporary workaround, avoid using the `service` parameter in the affected API endpoint until the issue is resolved.