Cross-Site Scripting Vulnerability in IBM Rational ClearQuest Web Client
CVE-2012-2169

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Clearquest
Vendor: CVE Published:; 17 August 2012

Summary

A cross-site scripting vulnerability exists in the file-upload functionality of IBM Rational ClearQuest's Web client versions 7.1.x prior to 7.1.2.7. This flaw allows remote authenticated users to execute arbitrary web scripts or HTML by injecting malicious content through the File Description field, potentially compromising user data and application integrity.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1PM62762

vendor-advisoryx_refsource_AIXAPAR

http://www.ibm.com/support/docview.wss?uid=swg21607783

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/75049

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 17, 2012
Vulnerability Reserved
Apr 4, 2012