IBM Rational Publishing Engine Multiple Cross Site Scripting Vulnerabilities

Bugtraq ID:	106460
Class:	Input Validation Error
CVE:	CVE-2018-1657 CVE-2018-1951
Remote:	Yes
Local:	No
Published:	Jan 02 2019 12:00AM
Updated:	Jan 02 2019 12:00AM
Credit:	IBM
Vulnerable:	IBM Rational Publishing Engine 6.0.6 IBM Rational Publishing Engine 6.0.5 IBM Rational Publishing Engine 2.1.2
Not Vulnerable:	IBM Rational Publishing Engine 6.0.6 ifix001 IBM Rational Publishing Engine 6.0.5 ifix003 IBM Rational Publishing Engine 2.1.2 ifix002

IBM Rational Publishing Engine Multiple Cross Site Scripting Vulnerabilities

IBM Rational Publishing Engine is prone to multiple cross-site scripting vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

IBM Rational Publishing Engine 2.1.2, 6.0.5 and 6.0.6 are vulnerable.

IBM Rational Publishing Engine Multiple Cross Site Scripting Vulnerabilities

To exploit these issues an attacker must entice an unsuspecting victim to open a malicious URI.

IBM Rational Publishing Engine Multiple Cross Site Scripting Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.