Published: 20/03/2008 Updated: 15/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest prior to 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote malicious users to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm rational clearquest
ibm rational clearquest 7.0.1
ibm rational clearquest 7.0.1.1
ibm rational clearquest 7.0.2

source: wwwsecurityfocuscom/bid/28296/info IBM Rational ClearQuest is prone to multiple cross-site scripting vulnerabilities because it fails to adequately sanitize user-supplied input An attacker could exploit these vulnerabilities to execute arbitrary local or remote script code in the context of the affected site This may allow the ...

IBM Rational ClearQuest Web suffers from multiple cross site scripting vulnerabilities ...

CWE-79 http://www.securityfocus.com/bid/28296 http://www.securitytracker.com/id?1019685 http://secunia.com/advisories/29467 http://securityreason.com/securityalert/3753 http://www.vupen.com/english/advisories/2008/0952/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41328 http://www.securityfocus.com/archive/1/489861/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/31438/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-4592

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect