Sårbarhetslösningar

WatchMouse periodiska sårbarhetsskanning kontrollerar sårbarheten nedan. Om du vill se de senasta sårbarhetslösningarna som skannas av WatchMouse kan du gå till översikten med sårbarhetslösningar

Kategori: CGI abuses : XSS Riskfaktor: Medium Tillagt: 2 jul 2009
Synopsis:

The remote web server is affected by multiple flaws.

Description:

IBM Rational ClearQuest CQWeb Server is installed on the remote host. The installed version is affected by multiple cross-site scripting flaws. Specifically, the application fails to sanitize input passed to parameter 'contextid', 'schema', 'userNameVal' and 'username' before using it to generate dynamic HTML content. An unauthenticated remote attacker may be able to leverage this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.

See also:

http://www.securityfocus.com/archive/1/archive/1/489861/100/0/threaded

Solution:

Apply patch 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, or 7.0.1.1_iFix01.

Risk factor:

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)