IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 116918.
[
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "4.0.7, 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3"
}
]
}
]