CVE-2007-4592 – IBM Rational ClearQuest 7.0 - Multiple Cross-Site Scripting Vulnerabilities

https://notcve.org/view.php?id=CVE-2007-4592

Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en la interfaz web para IBM Rational ClearQuest versiones anteriores a 2003.06.16 Parche 2008A, 7.0.0.2_iFix01 y 7.0.1.1_iFix01, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de los parámetros (1) contextid , (2) username, (3) userNameVal y (4) schema en el componente login. IBM Rational ClearQuest Web suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/31438 http://secunia.com/advisories/29467 http://securityreason.com/securityalert/3753 http://www.securityfocus.com/archive/1/489861/100/0/threaded http://www.securityfocus.com/bid/28296 http://www.securitytracker.com/id?1019685 http://www.vupen.com/english/advisories/2008/0952/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41328 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •