CVE-2013-5404

EPSS 0.17%
Veröffentlicht 10.12.2013 19:55:07
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IFRAME element.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Rational Quality Manager Version2.0

Ibm ≫ Rational Quality Manager Version2.0.0.1

Ibm ≫ Rational Quality Manager Version2.0.0.2

Ibm ≫ Rational Quality Manager Version2.0.1

Ibm ≫ Rational Quality Manager Version2.0.1.1

Ibm ≫ Rational Quality Manager Version3.0

Ibm ≫ Rational Quality Manager Version3.0.1

Ibm ≫ Rational Quality Manager Version3.0.1.1

Ibm ≫ Rational Quality Manager Version3.0.1.2

Ibm ≫ Rational Quality Manager Version3.0.1.3

Ibm ≫ Rational Quality Manager Version3.0.1.4

Ibm ≫ Rational Quality Manager Version3.0.1.5

Ibm ≫ Rational Quality Manager Version3.0.1.6

Ibm ≫ Rational Quality Manager Version4.0

Ibm ≫ Rational Quality Manager Version4.0.0.1

Ibm ≫ Rational Quality Manager Version4.0.0.2

Ibm ≫ Rational Quality Manager Version4.0.1

Ibm ≫ Rational Quality Manager Version4.0.2

Ibm ≫ Rational Quality Manager Version4.0.3

Ibm ≫ Rational Quality Manager Version4.0.4

Ibm ≫ Rational Requirements Composer Version2.0

Ibm ≫ Rational Requirements Composer Version2.0.0.1

Ibm ≫ Rational Requirements Composer Version2.0.0.2

Ibm ≫ Rational Requirements Composer Version2.0.0.3

Ibm ≫ Rational Requirements Composer Version2.0.0.4

Ibm ≫ Rational Requirements Composer Version3.0

Ibm ≫ Rational Requirements Composer Version3.0.1

Ibm ≫ Rational Requirements Composer Version3.0.1.1

Ibm ≫ Rational Requirements Composer Version3.0.1.2

Ibm ≫ Rational Requirements Composer Version3.0.1.3

Ibm ≫ Rational Requirements Composer Version3.0.1.4

Ibm ≫ Rational Requirements Composer Version3.0.1.5

Ibm ≫ Rational Requirements Composer Version3.0.1.6

Ibm ≫ Rational Requirements Composer Version4.0

Ibm ≫ Rational Requirements Composer Version4.0.1

Ibm ≫ Rational Requirements Composer Version4.0.2

Ibm ≫ Rational Requirements Composer Version4.0.3

Ibm ≫ Rational Requirements Composer Version4.0.4

Ibm ≫ Rational Team Concert Version2.0

Ibm ≫ Rational Team Concert Version2.0.0.1

Ibm ≫ Rational Team Concert Version2.0.0.2

Ibm ≫ Rational Team Concert Version3.0

Ibm ≫ Rational Team Concert Version3.0.1

Ibm ≫ Rational Team Concert Version3.0.1.2

Ibm ≫ Rational Team Concert Version3.0.1.3

Ibm ≫ Rational Team Concert Version3.0.1.4

Ibm ≫ Rational Team Concert Version3.0.1.5

Ibm ≫ Rational Team Concert Version3.0.1.6

Ibm ≫ Rational Team Concert Version4.0

Ibm ≫ Rational Team Concert Version4.0.1

Ibm ≫ Rational Team Concert Version4.0.2

Ibm ≫ Rational Team Concert Version4.0.3

Ibm ≫ Rational Team Concert Version4.0.4

Ibm ≫ Rational Team Concert Version4.0.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.343

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www-01.ibm.com/support/docview.wss?uid=swg21653689

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/87318

https://nvd.nist.gov/vuln/detail/CVE-2013-5404

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-5404

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-5404

EUVD