Description

Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Remediation

References

CVE-2016-0331

Related Vulnerabilities

WordPress Plugin Auto Amazon Links-Amazon Associates Affiliate Unspecified Vulnerability (2.0.3.4)

Nginx Improper Encoding or Escaping of Output Vulnerability (CVE-2013-4547)

WordPress Plugin NextCellent Gallery-NextGEN Legacy Cross-Site Scripting (1.9.17)

WordPress Plugin Post Indexer (WPMU DEV) Multiple Vulnerabilities (3.0.6.1)

Oracle Database Server CVE-2009-1971 Vulnerability (CVE-2009-1971)

Severity

Medium

Classification

CVE-2016-0331 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities