CVE-2007-5798

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions prior to 6.1.0 Fix Pack 13

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the UDDI user console. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the keyField, nameField, valueField, and frameReturn parameters in the uddigui/navigateTree.do endpoint.

Recommendations For versions prior to 6.1.0 Fix Pack 13, update to 6.1.0 Fix Pack 13 or later to resolve the issue. As a temporary workaround, consider restricting access to the uddigui/navigateTree.do endpoint to minimize the risk of exploitation. Avoid using the keyField, nameField, valueField, and frameReturn parameters in this endpoint until the issue is resolved.