IBM Rational ClearQuest Multiple XSS Flaws

This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by multiple flaws.

Description :

IBM Rational ClearQuest CQWeb Server is installed on the remote host.
The installed version is affected by multiple cross-site scripting
flaws. Specifically, the application fails to sanitize input passed
to parameter 'contextid', 'schema', 'userNameVal' and 'username'
before using it to generate dynamic HTML content. An unauthenticated,
remote attacker may be able to leverage this issue to inject arbitrary
HTML or script code into a user's browser to be executed within the
security context of the affected site.

See also :

Solution :

Apply patch 2003.06.16 Patch 2008A,, or

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 39591 (ibm_rational_clearquest_multiple_xss.nasl)

Bugtraq ID: 28296

CVE ID: CVE-2007-4592

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now