Below are the details on the Cross-Site Scripting vulnerability.
Cross-Site Scripting
Severity: High
CVSS Score: 7.5
URL: https://oneclick.it.slb.com/spectrum/common/do/about
Entity: aboutAppName (Parameter)
Risk: It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user
Causes: Sanitation of hazardous characters was not performed correctly on user input
Fix: Review possible solutions for hazardous character injection
Reasoning: The test result seems to indicate a vulnerability because AppScan successfully embedded a script in the response, which will be executed when the page loads in the user's browser.
Is Spectrum susceptible to the Cross-Site Scripting vulnerability, and if so, are there any plans to protect against it?
The Cross-Site Scripting vulnerability is scheduled to be addressed in Spectrum 10.02.02.00. There is no projected release date for Spectrum 10.02.02.00 at the time this knowledge document was published.