Cross-Site Scripting in IBM Rational Quality Manager
CVE-2013-5404

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Requirements Composer; Rational Quality Manager; Rational Team Concert
Vendor: CVE Published:; 10 December 2013

Summary

A cross-site scripting (XSS) vulnerability exists in the search function of IBM Rational Quality Manager, allowing authenticated users to inject arbitrary scripts or HTML through manipulated IFRAME elements. This can lead to unauthorized actions on behalf of the user, data leakage, and exploitation of session tokens. This vulnerability affects several versions of the product, compromising web application security.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/87318

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21653689

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 10, 2013
Vulnerability Reserved
Aug 22, 2013