CVE-2014-0846

IBM Rational Doors Next Generation - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

References (3)

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21664412

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/65917

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/90720

Scores

EPSS 0.0019

EPSS Percentile 40.5%

Details

CWE

CWE-79

Status published

Products (22)

ibm/rational_doors_next_generation

ibm/rational_requirements_composer

... and 12 more

Published Mar 04, 2014

Tracked Since Feb 18, 2026