Cross site scripting

2009-10-2017:30:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp.

CPENameOperatorVersion
rational_requisiteproeq7.1.0

CPE	Name	Operator	Version
	rational_requisitepro	eq	7.1.0

References

osvdb.org/59088

osvdb.org/59089

secunia.com/advisories/37052

www-01.ibm.com/support/docview.wss?uid=swg1PK83895

www.securityfocus.com/bid/36721

www.vupen.com/english/advisories/2009/2958