3 matches found
Security Bulletin: Vulnerability in Rational Team Concert with potential for Cross-Site Scripting attack (CVE-2015-0122, CVE-2015-0123)
Summary An undisclosed security vulnerability of IBM Rational Team Concert may result in Cross-Site Scripting attack. Vulnerability Details CVEID: CVE-2015-0123 Description: IBM Rational Team Concert is vulnerable to stored cross-site scripting, caused by improper validation of user supplied inpu...
CVE-2015-0122
Cross-site scripting XSS vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0123...
CVE-2015-0122
IBM Rational Team Concert is affected by CVE-2015-0122 and CVE-2015-0123, both XSS due to improper validation of user input. Affected ranges include RTC 2.0–2.0.0.2, 3.0–3.0.6, 4.0–4.0.7, and 5.0–5.1 (with fixes listed in IBM advisories). The vulnerability allows remote authenticated users to exe...