3 matches found
Security Bulletin: Vulnerability in Rational Team Concert with potential for Cross-Site Scripting attack (CVE-2015-0122, CVE-2015-0123)
Summary An undisclosed security vulnerability of IBM Rational Team Concert may result in Cross-Site Scripting attack. Vulnerability Details CVEID: CVE-2015-0123 Description: IBM Rational Team Concert is vulnerable to stored cross-site scripting, caused by improper validation of user supplied inpu...
Cross site scripting
Cross-site scripting XSS vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0123...
CVE-2015-0123
IBM Rational Team Concert is affected by CVE-2015-0123, a stored cross-site scripting vulnerability caused by improper validation of user input. Impacted versions include RTC 2.x and 3.x up to 3.0.1.6 iFix5, RTC 4.x up to 4.0.7 iFix3, and RTC 5.x up to 5.0.1. A remote authenticated attacker could...