cpe:/a:ibm:rational_team_concert:3.0.1.6 cpe:/a:ibm:rational_team_concert:4.0.0 cpe:/a:ibm:rational_team_concert:4.0.1 cpe:/a:ibm:rational_team_concert:4.0.2 cpe:/a:ibm:rational_team_concert:4.0.3 cpe:/a:ibm:rational_team_concert:4.0.4 cpe:/a:ibm:rational_team_concert:4.0.5 cpe:/a:ibm:rational_team_concert:4.0.6 cpe:/a:ibm:rational_team_concert:4.0.7 cpe:/a:ibm:rational_team_concert:5.0.0 cpe:/a:ibm:rational_team_concert:5.0.1 cpe:/a:ibm:rational_team_concert:5.0.2 cpe:/a:ibm:rational_team_concert:6.0.0 cpe:/a:ibm:rational_team_concert:6.0.1 cpe:/a:ibm:rational_team_concert:6.0.2 CVE-2016-0285 2016-11-24T14:59:05.927-05:00 2016-11-29T22:02:54.277-05:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov 2016-11-25T08:24:28.410-05:00 BID 94550 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21991478 Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted field.