Vulnerabilities > IBM > Rational Clearquest > 7.0.0.0

DATE CVE VULNERABILITY TITLE RISK
2008-12-05 CVE-2008-5325 Cross-Site Scripting vulnerability in IBM Rational Clearquest
Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
4.3
2008-03-20 CVE-2007-4592 Cross-Site Scripting vulnerability in IBM Rational Clearquest
Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.
network
ibm CWE-79
4.3
4.3
2007-08-15 CVE-2007-4368 SQL Injection vulnerability in IBM Rational Clearquest 7.0.0.0/7.0.0.1
SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command.
network
low complexity
ibm CWE-89
7.5
7.5
2007-03-16 CVE-2007-1468 Cross-Site Scripting vulnerability in IBM Rational Clearquest 7.0.0.0
Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry.
network
ibm CWE-79
4.3
4.3