CVE-2009-3730
N/A
N/A
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://osvdb.org/59088
- http://secunia.com/advisories/37052
- http://www.vupen.com/english/advisories/2009/2958
- http://www.securityfocus.com/bid/36721
- http://www-01.ibm.com/support/docview.wss?uid=swg1PK83895
- http://osvdb.org/59089
References
- http://osvdb.org/59088
- http://secunia.com/advisories/37052
- http://www.vupen.com/english/advisories/2009/2958
- http://www.securityfocus.com/bid/36721
- http://www-01.ibm.com/support/docview.wss?uid=swg1PK83895
- http://osvdb.org/59089
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.