Description
Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.
Exploits
314382008-03-19webappsJava
IBM Rational ClearQuest 7.0 - Multiple Cross-Site Scripting Vulnerabilities
By sasquatch
References
cve@mitre.org
http://secunia.com/advisories/29467cve@mitre.org
http://securityreason.com/securityalert/3753cve@mitre.org
http://www.securityfocus.com/bid/28296cve@mitre.org
http://www.securitytracker.com/id?1019685af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/29467af854a3a-2127-422b-91ae-364da2661108
http://securityreason.com/securityalert/3753af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/489861/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/28296af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1019685af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/0952/referencesaf854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/41328