Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the ReqWeb Help feature aka the Web Client Help system in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the 2 searchWord, 3...

IBM Rational RequisitePro ReqWebHelp Multiple XSS

IBM Rational RequisitePro is installed on the remote host. The installed version contains two JSP scripts that are affected by cross-site scripting vulnerabilities. Specifically, it fails to sanitize input to the 'searchWord', 'maxHits', 'scopedSearch', and 'scope' parameters of 'searchView.jsp'...

IBM Rational RequisitePro 7.10 / ReqWebHelp - Multiple Cross-Site Scripting Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting victim into following a malicious URI. The following example URIs are available: http://www.example.com/ReqWebHelp/advanced/workingSet.jsp?operation=add/--/scriptscriptalert289325/script&workingSet=...

IBM Rational RequisitePro 7.10 and ReqWebHelp Multiple CSS

Exploit for jsp platform in category web applications =========================================================================== IBM Rational RequisitePro 7.10 and ReqWebHelp Multiple Cross Site Scripting =========================================================================== Attackers can...

IBM Rational RequisitePro 7.10 - ReqWeb Help Feature 'ReqWebHelp/basic/searchView.jsp' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/36721/info IBM Rational RequisitePro is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an...