Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
IBM RTC Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2016-0273 - Vulnerability Database
IBM RTC

IBM RTC Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2016-0273

Medium
Reference: CVE-2016-0273
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-0273
Title: IBM RTC Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8 4.0 before 4.0.7 iFix11 5.0 before 5.0.2 iFix18 and 6.0 before 6.0.2 iFix5 Rational Quality Manager 3.0.1.6 before iFix8 4.0 before 4.0.7 iFix11 5.0 before 5.0.2 iFix18 and 6.0 before 6.0.2 iFix5 Rational Team Concert 3.0.1.6 before iFix8 4.0 before 4.0.7 iFix11 5.0 before 5.0.2 iFix18 and 6.0 before 6.0.2 iFix5 Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 5.0 before 5.0.2 iFix18 and 6.0 before 6.0.2 iFix5 Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 5.0 before 5.0.2 iFix18 and 6.0 before 6.0.2 iFix5 Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 5.0 before 5.0.2 iFix18 and 6.0 before 6.0.2 iFix5 and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 5.0 before 5.0.2 iFix18 and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.