CVE-2007-4592
IBM Rational ClearQuest <2003.06.16 Patch 2008A-7.0.1.1_iFix01 - XSS
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-4592. PoCs published by sasquatch.
AI-analyzed exploit summary: This exploit demonstrates multiple XSS vulnerabilities in IBM Rational ClearQuest by injecting malicious script tags into URL parameters. The PoC shows how unsanitized input in the 'targetUrl' and other parameters can execute arbitrary JavaScript in the context of the affected site.
Description
Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.