Lucene search
RootSSV:3064HistoryMar 21, 2008 - 12:00 a.m.
IBM Rational ClearQuest多个参数跨站脚本漏洞
2008-03-2100:00:00
Root
www.seebug.org
9
0.005 Low
EPSS
Percentile
73.9%
BUGTRAQ ID: 28296
CVE(CAN) ID: CVE-2007-4592
IBM Rational ClearQuest是全面的软件变更、追踪管理解决方案。
Rational ClearQuest没有正确地验证对contextid、schema、userNameVal、username变量的输入参数,允许远程攻击者通过提交特制的URL请求执行跨站脚本攻击。
IBM Rational ClearQuest 7.0.1.0_iFix01
IBM Rational ClearQuest 7.0.0.1_iFix04
IBM Rational ClearQuest 2003.06.16 Patch 2007C
IBM
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://www.ers.ibm.com/” target=“_blank”>http://www.ers.ibm.com/</a>
http://www.website.com/cqweb/login?/cqweb/main?command=GenerateMainFrame&service=CQ&schema=SCHEMAHERE"; alert('XSS');//&contextid=DATABASECONTEXTHERE"; alert('XSS');//
http://www.website.com/cqweb/login?
Related
securityvulns
securityvulns
IBM Rational ClearQuest crossite scripting
2008-03-20 00:00:00
IBM Rational ClearQuest Web Multiple XSS Vulnerabilities
2008-03-20 00:00:00
cve
cve
CVE-2007-4592
2008-03-20 00:44:00
prion
prion
Cross site scripting
2008-03-20 00:44:00
nessus
nessus
IBM Rational ClearQuest Multiple XSS Flaws
2009-07-02 00:00:00
packetstorm
packetstorm
ibmrational-xss.txt
2008-03-19 00:00:00