[原文]Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in an unspecified input form.
Hitachi Business Logic Container (BLC) Unspecified Input Form XSS
Remote / Network Access
Loss of Integrity
Business Logic Container contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate parameters upon submission to an unspecified form. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
For BLC on Windows, upgrade to version 3-00 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
For BLC on AIX, Hitachi requires users to contact their support service.