Oracle iPlanet Web Server Multiple Cross Site Scripting Vulnerabilities

Summary
This host is running Oracle iPlanet Web Server and is prone to multiple cross site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application
Solution
Please refer below link for updates, http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixSUNS
Insight
- Input passed via the 'helpLogoWidth' and 'helpLogoHeight' parameters to admingui/cchelp2/Masthead.jsp (when 'mastheadTitle' is set) and the 'productNameSrc', 'productNameHeight', and 'productNameWidth' parameters to admingui/version/Masthead.jsp is not properly sanitised before being returned to the user. - Input passed via the 'appName' and 'pathPrefix' parameters to admingui/ cchelp2/Navigator.jsp is not properly sanitised before being returned to the user.
Affected
Oracle iPlanet WebServer 7.0
References