CVE-2013-5404
https://notcve.org/view.php?id=CVE-2013-5404
Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IFRAME element. Vulenrabilidad Cross-site scripting (XSS) en la aplicación de búsqueda en IBM Rational Quality Manager (RQM) 2.0 a 2.0.1.1, 3.0.1.6 3.x antes iFix 1, 4.x antes de 4.0.5, tal como se utiliza en Rational Team Concert, Rational Requirements Composer, y otros productos, permite a usuarios remotos autenticados inyectar web scripts o HTML a través de vectores relacionados con un elemento IFRAME. • http://www-01.ibm.com/support/docview.wss?uid=swg21653689 https://exchange.xforce.ibmcloud.com/vulnerabilities/87318 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-1029
https://notcve.org/view.php?id=CVE-2011-1029
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 2.0.0.x allows remote authenticated users to inject arbitrary web script or HTML via the name of a shared report. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM Rational Team Concert (RTC) v2.0.0.x , permite a atacantes remotos autenticados inyectar secuencias de comandos web o HTML a través del nombre de un informe compartido. • http://secunia.com/advisories/43223 http://www.ibm.com/support/docview.wss?uid=swg1PM22477 http://www.securityfocus.com/bid/46179 http://www.vupen.com/english/advisories/2011/0297 https://exchange.xforce.ibmcloud.com/vulnerabilities/65170 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •