Description

IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138446.

Remediation

References

CVE-2018-1408

Related Vulnerabilities

WordPress Plugin AMP extensions Cross-Site Scripting (1.1)

WordPress Plugin Facebook Opengraph Meta 'all_meta.php' SQL Injection (1.0)

WordPress Plugin UpdraftPlus WordPress Backup Multiple Vulnerabilities (1.16.58)

Envoy Proxy Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-18836)

TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-1842)

Severity

Medium

Classification

CVE-2018-1408 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities