CVE-2010-2985

Name of the Vulnerable Software and Affected Versions IBM WebSphere Service Registry and Repository (WSRR) version 6.3

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited through the searchTerm parameter to the "ServiceRegistry/HelpSearch.do" endpoint or the queryItems[0].value parameter to the "ServiceRegistry/QueryWizardProcessStep1.do" endpoint.

Recommendations For IBM WebSphere Service Registry and Repository (WSRR) version 6.3, consider restricting access to the vulnerable endpoints "ServiceRegistry/HelpSearch.do" and "ServiceRegistry/QueryWizardProcessStep1.do" to minimize the risk of exploitation. Avoid using the searchTerm and queryItems[0].value parameters in these endpoints until the issue is resolved.