CVE-2016-2926 Information
Description
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 5.0 before 5.0.2 iFix19 and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11 5.0 before 5.0.2 iFix19 and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11 5.0 before 5.0.2 iFix19 and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 5.0 before 5.0.2 iFix19 and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 5.0 before 5.0.2 iFix19 and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 5.0 before 5.0.2 iFix19 and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 5.0 before 5.0.2 iFix19 and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Reference
http://www.securityfocus.com/bid/94146 http://www.securitytracker.com/id/1037276 http://www.securitytracker.com/id/1037277 http://www.securitytracker.com/id/1037278 http://www.securitytracker.com/id/1037279 http://www-01.ibm.com/support/docview.wss?uid=swg21993444
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
5.4
Share on: