IBM WebSphere Application Server (WAS) is an application server product of the American International Business Machines (IBM) Corporation. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0 have a security vulnerability that stems from vulnerability to cross-site scripting attacks. An attacker uses the vulnerability to embed arbitrary JavaScript code in the Web UI, which changes the intended functionality and leads to credential disclosure in a trusted session.