Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest via the File Description fieldID: oval:org.secpod.oval:def:7052 | Date: (C)2012-10-02 (M)2022-10-10 |
Class: VULNERABILITY | Family: windows |
The host is installed with IBM Rational ClearQuest 7.1.x through 7.1.2.7 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to properly handle arbitrary web script. Successful exploitation could allow remote authenticated users to inject arbitrary web script or HTML via the File Description field.
Platform: |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Vista |
Product: |
IBM Rational ClearQuest |