CVE-2007-4592
IBM Rational ClearQuest <2003.06.16 Patch 2008A-7.0.1.1_iFix01 - XSS
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by sasquatch · textwebappsjava
https://www.exploit-db.com/exploits/31438
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41328
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489861/100/0/threaded
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0952/references
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019685
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3753
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28296
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29467
Scores
EPSS
0.1623
EPSS Percentile
94.9%
Details
CWE
CWE-79
Status
published
Products (4)
ibm/rational_clearquest
7.0.1
ibm/rational_clearquest
7.0.1.1
ibm/rational_clearquest
7.0.2
ibm/rational_clearquest
< 2003-06-16
Published
Mar 20, 2008
Tracked Since
Feb 18, 2026