
Tuesday, August 1, 2017

What is the present status of "Flaws in Oracle file-processing SDKs affect major third-party products"? Is it still a flaw in 2017?

Reference:

Details:

Seventeen high-risk vulnerabilities out of the 276 flaws fixed by Oracle on Tuesday affect products from third-party software vendors. The vulnerabilities were found by researchers from Cisco's Talos team and are located in Oracle Outside In Technology (OIT), a collection of software development kits (SDKs) that can be used to extract, normalize, scrub, convert and view some 600 unstructured file formats.

Probable Root cause:

An attacker could exploit these vulnerabilities by sending a malicious email attachment to a victim who then opens the email using web preview. This is a reflected XSS exploit. Cross-Site Scripting is an attack that is possible when an application accepts untrusted data and includes it in the context of an HTML page. These vulnerabilities are caused by improper sanitization.

Are these the right possible recommendations?

"Customers really do need to apply these Java CPU (Critical Patch Update) patches as soon as possible." Companies should also turn their attention to assets that can be directly attacked from the internet. These include web and application servers like Oracle HTTP Server, WebLogic Server and GlassFish Server, which are part of Oracle's Fusion Middleware suite. The following list outlines the general approaches to prevent cross-site scripting attacks:

1. Encode output based on input parameters.
2. Filter input parameters for special characters.
3. Filter output based on input parameters for special characters.
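As an added illustration of approach 1 for the attachment-preview scenario described above (example code written for this post, not code from Oracle or Talos), the snippet below renders text pulled out of a converted attachment into an HTML preview page twice: once by plain string concatenation, which lets markup from the attachment reach the browser, and once with output encoding applied to the HTML context it lands in. The attachment text and the render functions are constructed for the example.

```python
import html
import re

# Constructed sample: text that a conversion step might extract from an
# attachment. The document title is the attacker-controlled part.
SAMPLE_TITLE = 'Quarterly report <script>alert(1)</script>'
SAMPLE_BODY = 'Totals for Q2 & Q3 are attached'


def render_preview_unsafe(title: str, body: str) -> str:
    """Plain concatenation: any markup inside the attachment text is
    emitted verbatim, which is the improper-sanitization case."""
    return f"<h1>{title}</h1><div class='preview'>{body}</div>"


def render_preview_safe(title: str, body: str) -> str:
    """Approach 1: encode output for the context it is placed in.
    html.escape() covers the HTML body; quote=True also escapes the
    quote characters so the same value is safe inside an attribute."""
    esc_title = html.escape(title, quote=True)
    esc_body = html.escape(body, quote=True)
    return (f"<h1>{esc_title}</h1>"
            f'<div class="preview" title="{esc_title}">{esc_body}</div>')


_TAG_RE = re.compile(r"<[^>]+>")


def untrusted_tags_survive(rendered: str, untrusted: str) -> bool:
    """Check used to compare the two renderers: True if any tag that
    appeared in the untrusted input is present verbatim in the output."""
    return any(tag in rendered for tag in _TAG_RE.findall(untrusted))


if __name__ == "__main__":
    for render in (render_preview_unsafe, render_preview_safe):
        page = render(SAMPLE_TITLE, SAMPLE_BODY)
        leaked = untrusted_tags_survive(page, SAMPLE_TITLE)
        print(f"{render.__name__}: attachment markup reaches page = {leaked}")
```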
