Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-0123)

Description

Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0122.

Remediation

References

Related Vulnerabilities

WordPress Plugin Buddypress Xprofile Custom Fields Type Arbitrary File Deletion (2.6.3)

Osclass Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-10751)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18625)

OpenSSL Integer Overflow or Wraparound Vulnerability (CVE-2016-2177)

WordPress Plugin Easy Google Analytics for WordPress Cross-Site Request Forgery (1.6.0)

Severity

Low

Classification

CVE-2015-0123 CWE-707

Tags

Missing Update Known Vulnerabilities