The host is installed with IBM Rational ClearQuest 7.1.x through 7.1.2.7 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to properly handle arbitrary web script. Successful exploitation could allow remote authenticated users to inject arbitrary web script or HTML via the File Description field.