CVE-2013-5404

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Requirements Composer; Rational Quality Manager; Rational Team Concert
Vendor: CVE Published:; 10 December 2013

Summary

Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IFRAME element.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/87318

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21653689

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 10, 2013
Vulnerability Reserved
Aug 22, 2013

Collectors

NVD DatabaseMitre Database