Two flaws were found in IBM WebSphere Application Server for z/OS. An impact of one of them is not known. The second allows to launch XSS attack.
Unspecified flaw was found in Java API for XML Web Services (JAX-WS). There are no further information.
Certain input data sent to web messaging service are not properly sanitised before being returned to a user. It allows attacker to launch HTML and script code.
Flaws were found in versions prior to 7.0.0 Fix Pack 21. Users should upgrade to version 7.0.0.21.

Source: Secunia
16.01.2012