CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 0CVE-2017-1102
https://notcve.org/view.php?id=CVE-2017-1102
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120663. Quality Manager (RQM) versiones 4.0, 5.0 y 6.0 de IBM, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, y por lo tanto, alterar la funcionalidad deseada que podría conllevar a la revelación de credenciales dentro de una sesión segura. • http://www.ibm.com/support/docview.wss?uid=swg22004428 http://www.securityfocus.com/bid/99008 http://www.securitytracker.com/id/1038698 https://exchange.xforce.ibmcloud.com/vulnerabilities/120663 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 0CVE-2017-1101
https://notcve.org/view.php?id=CVE-2017-1101
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120662. Quality Manager (RQM) versiones 4.0, 5.0 y 6.0 de IBM, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, y por lo tanto, alterar la funcionalidad deseada que podría conllevar a la revelación de credenciales dentro de una sesión segura. • http://www.ibm.com/support/docview.wss?uid=swg22004428 http://www.securityfocus.com/bid/98997 http://www.securitytracker.com/id/1038698 https://exchange.xforce.ibmcloud.com/vulnerabilities/120662 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 0CVE-2017-1100
https://notcve.org/view.php?id=CVE-2017-1100
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120661. Quality Manager (RQM) versiones 4.0, 5.0 y 6.0 de IBM, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, y por lo tanto, alterar la funcionalidad deseada que podría conllevar a la revelación de credenciales dentro de una sesión segura. • http://www.ibm.com/support/docview.wss?uid=swg22004428 http://www.securityfocus.com/bid/99006 http://www.securitytracker.com/id/1038698 https://exchange.xforce.ibmcloud.com/vulnerabilities/120661 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 104EXPL: 0CVE-2016-9735
https://notcve.org/view.php?id=CVE-2016-9735
IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781, IBM Jazz Foundation podría permitir que un usuario autenticado obtenga información confidencial de las trazas de pila. IBM X-Force ID: 119781 • http://www.ibm.com/support/docview.wss?uid=swg22003064 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.8EPSS: 0%CPEs: 29EXPL: 0CVE-2016-6037
https://notcve.org/view.php?id=CVE-2016-6037
IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 116918. IBM Rational Team Concert (RTC) es vulnerable a inyección HTML. Un atacante remoto con privilegios de administrador de proyecto podría enviar un proyecto con código HTML malicioso, que cuando este se visualiza, se ejecuta en el navegador web de la víctima dentro del contexto de seguridad del sitio de alojamiento. • http://www.ibm.com/support/docview.wss?uid=swg22002429 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •