Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4592Cross-site Scripting in IBM Rational Clearquest

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
16.2%
top 5.18%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Rational Clearquest
Timeline
PublishedMar 20
Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDibm/rational_clearquest2003-06-16+3

🔴Vulnerability Details

2
GHSA
GHSA-686m-vhgm-w87p: Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 20032022-05-01
CVEList
CVE-2007-4592: Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 20032008-03-20

💥Exploits & PoCs

1
Exploit-DB
IBM Rational ClearQuest 7.0 - Multiple Cross-Site Scripting Vulnerabilities2008-03-19
CVE-2007-4592 — Cross-site Scripting in IBM | cvebase