IBM Rational ClearQuest Defect Logging Attachment Cross-Site Scripting Vulnerability

Bugtraq ID:	22981
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 15 2007 12:00AM
Updated:	Jun 25 2007 10:18PM
Credit:	This vulnerability has been reported by James Clarke.
Vulnerable:	IBM Rational ClearQuest 7.0
Not Vulnerable:

IBM Rational ClearQuest Defect Logging Attachment Cross-Site Scripting Vulnerability

IBM Rational ClearQuest is prone to a cross-site scripting vulnerability because the software fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

IBM Rational ClearQuest Defect Logging Attachment Cross-Site Scripting Vulnerability

Attackers can use a browser to exploit this issue.

IBM Rational ClearQuest Defect Logging Attachment Cross-Site Scripting Vulnerability

Solution:
Reports indicate that the vendor released a patch to address this issue. Symantec has not confirmed this.

Please contact the vendor for information on obtaining and applying fixes.

IBM Rational ClearQuest Defect Logging Attachment Cross-Site Scripting Vulnerability

References:

• Rational ClearQuest Homepage (IBM)
  
• Rational Support Homepage (IBM)
  
• IBM Rational ClearQuest Web - Cross Site Scripting ([email protected])