Vulnerability Description
Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IFRAME element.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Rational Quality Manager | 2.0 |
| Ibm | Rational Requirements Composer | 2.0 |
| Ibm | Rational Team Concert | 2.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21653689Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87318
- http://www-01.ibm.com/support/docview.wss?uid=swg21653689Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87318
FAQ
What is CVE-2013-5404?
CVE-2013-5404 is a vulnerability with a CVSS score of 3.5 (LOW). Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Te...
How severe is CVE-2013-5404?
CVE-2013-5404 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5404?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Rational Quality Manager, Ibm Rational Requirements Composer, Ibm Rational Team Concert.