CVE-2018-1691
https://notcve.org/view.php?id=CVE-2018-1691
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145582. IBM Rational Quality Manager (RQM), de la versión 5.0 a la 5.02 y desde la versión 6.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=ibm10733078 https://exchange.xforce.ibmcloud.com/vulnerabilities/145582 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-1405
https://notcve.org/view.php?id=CVE-2018-1405
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138441. IBM Rational Quality Manager (RQM), de la versión 5.0 a la 5.02 y desde la versión 6.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=ibm10733078 https://exchange.xforce.ibmcloud.com/vulnerabilities/138441 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-1404
https://notcve.org/view.php?id=CVE-2018-1404
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138440. IBM Rational Quality Manager (RQM), de la versión 5.0 a la 5.02 y desde la versión 6.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=ibm10733078 https://exchange.xforce.ibmcloud.com/vulnerabilities/138440 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-1558
https://notcve.org/view.php?id=CVE-2018-1558
IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142956. IBM Rational Collaborative Lifecycle Management, de la versión 5.0 a la 5.02 y desde la versión 6.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=ibm10732477 https://exchange.xforce.ibmcloud.com/vulnerabilities/142956 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-1753
https://notcve.org/view.php?id=CVE-2017-1753
Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655. Múltiples productos IBM Rational son vulnerables a inyección HTML. Un atacante remoto podría ejecutar código HTML malicioso que, cuando se visualice, se ejecutaría en el navegador web de la víctima en el contexto de seguridad del sitio anfitrión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/135655 https://www.ibm.com/support/docview.wss?uid=ibm10713739 • CWE-94: Improper Control of Generation of Code ('Code Injection') •