Description

IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145509.

Remediation

References

CVE-2018-1688

Related Vulnerabilities

WordPress Plugin MiwoEvents-Manage & Book Events Unspecified Vulnerability (1.2.0)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2018-14720)

WordPress Plugin CiviCRM Multiple Cross-Site Scripting Vulnerabilities (5.35.0)

WordPress Plugin Weather Effect-Christmas Santa Snow Falling Cross-Site Scripting (1.3.5)

WordPress Plugin SEO by Squirrly SEO SQL Injection (12.3.19)

Severity

Medium

Classification

CVE-2018-1688 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities