Description

IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133268.

Remediation

References

CVE-2017-1653

Related Vulnerabilities

PHP HTTP POST incorrect MIME header parsing vulnerability

WordPress Plugin Podlove Podcast Publisher SQL Injection (3.5.5)

WordPress Plugin Restricted Site Access Unspecified Vulnerability (2.0)

SugarCRM Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3244)

MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-4624)

Severity

Medium

Classification

CVE-2017-1653 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities