CVE-2016-0331Cross-site Scripting in IBM Rational Collaborative Lifecycle Management

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 57.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Rational Collaborative Lifecycle ManagementIBM Rational Team Concert
Timeline
PublishedSep 12
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDibm/rational_team_concert6.0.1, 6.0.2+1

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-mmx6-mg38-r8hm: Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 62022-05-17
CVEList
CVE-2016-0331: Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 62016-09-12
CVE-2016-0331 — Cross-site Scripting in IBM | cvebase