CVE-2008-3550 Information

Description

The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field possibly related to a cross-site scripting (XSS) vulnerability.

Reference

http://www.securitytracker.com/id?1020642 http://www.vupen.com/english/advisories/2008/2317 http://www-1.ibm.com/support/docview.wss?uid=swg1PK68332 https://exchange.xforce.ibmcloud.com/vulnerabilities/44254