CVE-2012-2169

IBM Rational Clearquest - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field.

References (3)

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg1PM62762

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg21607783

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/75049

Scores

EPSS 0.0019

EPSS Percentile 40.4%

Classification

CWE

CWE-79

Status published

Affected Products (16)

ibm/rational_clearquest

... and 1 more

Timeline

Published Aug 17, 2012

Tracked Since Feb 18, 2026