Multiple IBM Products CVE-2013-0473 Cross Site Scripting Vulnerability

Bugtraq ID:	58689
Class:	Input Validation Error
CVE:	CVE-2013-0473
Remote:	Yes
Local:	No
Published:	Mar 25 2013 12:00AM
Updated:	Mar 25 2013 12:00AM
Credit:	IBM
Vulnerable:	IBM Rational Policy Tester 8.5.0.1 IBM Rational Policy Tester 8.5 IBM Rational AppScan Enterprise 8.5.0.1 IBM Rational AppScan Enterprise 8.0.1.1 IBM Rational AppScan Enterprise 8.0.1 IBM Rational AppScan Enterprise 8.0.0.1 IBM Rational AppScan Enterprise 8.0.0
Not Vulnerable:

Multiple IBM Products CVE-2013-0473 Cross Site Scripting Vulnerability

Multiple IBM Products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

The following product versions are affected:

Rational AppScan Enterprise versions 5.6 through 8.6.0.2
Rational Policy Tester versions 5.6 through 8.5.0.3

Multiple IBM Products CVE-2013-0473 Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Multiple IBM Products CVE-2013-0473 Cross Site Scripting Vulnerability

References: