CVE-2009-3730

IBM Rational Requisitepro - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp.

Exploits (3)

exploitdb WORKING POC VERIFIED

by IBM · textwebappsjsp

https://www.exploit-db.com/exploits/10094

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by IBM · textwebappsjsp

https://www.exploit-db.com/exploits/33293

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by IBM · textwebappsjsp

https://www.exploit-db.com/exploits/33292

View Code ZIP pw:eip

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/59088

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37052

Patch, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/2958

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/36721

Exploit, Patch, Vendor Advisory vendor-advisory x_refsource_aixapar

http://www-01.ibm.com/support/docview.wss?uid=swg1PK83895

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/59089

Scores

EPSS 0.0146

EPSS Percentile 81.0%

Details

CWE

CWE-79

Status published

Products (1)

ibm/rational_requisitepro 7.1.0

Published Oct 20, 2009

Tracked Since Feb 18, 2026