This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.
The remote web server is affected by multiple flaws.
IBM Rational ClearQuest CQWeb Server is installed on the remote host.
The installed version is affected by multiple cross-site scripting
flaws. Specifically, the application fails to sanitize input passed
to parameter 'contextid', 'schema', 'userNameVal' and 'username'
before using it to generate dynamic HTML content. An unauthenticated,
remote attacker may be able to leverage this issue to inject arbitrary
HTML or script code into a user's browser to be executed within the
security context of the affected site.
See also :
Apply patch 2003.06.16 Patch 2008A, 184.108.40.206_iFix01, or 220.127.116.11_iFix01.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 39591 (ibm_rational_clearquest_multiple_xss.nasl)
Bugtraq ID: 28296
CVE ID: CVE-2007-4592
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.