Vulnerability-Lookup

CVE-2007-4592 (GCVE-0-2007-4592)

Vulnerability from cvelistv5 – Published: 2008-03-20 00:00 – Updated: 2024-08-07 15:01

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

7 references

URL	Tags
http://www.securityfocus.com/archive/1/489861/100…	mailing-listx_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2008/0952…	vdb-entryx_refsource_VUPEN
http://www.securitytracker.com/id?1019685	vdb-entryx_refsource_SECTRACK
http://securityreason.com/securityalert/3753	third-party-advisoryx_refsource_SREASON
http://www.securityfocus.com/bid/28296	vdb-entryx_refsource_BID
http://secunia.com/advisories/29467	third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Date Public

2008-03-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:01:09.870Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080319 IBM Rational ClearQuest Web Multiple XSS Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/489861/100/0/threaded"
          },
          {
            "name": "ADV-2008-0952",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0952/references"
          },
          {
            "name": "1019685",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019685"
          },
          {
            "name": "3753",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3753"
          },
          {
            "name": "28296",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28296"
          },
          {
            "name": "29467",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29467"
          },
          {
            "name": "rational-clearquest-webinterface-xss(41328)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41328"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20080319 IBM Rational ClearQuest Web Multiple XSS Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/489861/100/0/threaded"
        },
        {
          "name": "ADV-2008-0952",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0952/references"
        },
        {
          "name": "1019685",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019685"
        },
        {
          "name": "3753",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3753"
        },
        {
          "name": "28296",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28296"
        },
        {
          "name": "29467",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29467"
        },
        {
          "name": "rational-clearquest-webinterface-xss(41328)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41328"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4592",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080319 IBM Rational ClearQuest Web Multiple XSS Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/489861/100/0/threaded"
            },
            {
              "name": "ADV-2008-0952",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0952/references"
            },
            {
              "name": "1019685",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019685"
            },
            {
              "name": "3753",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3753"
            },
            {
              "name": "28296",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28296"
            },
            {
              "name": "29467",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29467"
            },
            {
              "name": "rational-clearquest-webinterface-xss(41328)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41328"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4592",
    "datePublished": "2008-03-20T00:00:00.000Z",
    "dateReserved": "2007-08-29T00:00:00.000Z",
    "dateUpdated": "2024-08-07T15:01:09.870Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2007-4592",
      "date": "2026-05-27",
      "epss": "0.16226",
      "percentile": "0.94906"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2003-06-16\", \"matchCriteriaId\": \"AF2B2BA7-86BA-45E5-B6D2-D279D6A3C873\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EBBBF4D-97FD-4DBC-B296-4235BAD38F61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00E3D80A-849E-4739-8905-373AE0C0189D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:rational_clearquest:7.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEB65A10-EE74-43DF-8D05-B39551F57D2C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en la interfaz web para IBM Rational ClearQuest versiones anteriores a 2003.06.16 Parche 2008A, 7.0.0.2_iFix01 y 7.0.1.1_iFix01, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de los par\\u00e1metros (1) contextid , (2) username, (3) userNameVal y (4) schema en el componente login.\"}]",
      "id": "CVE-2007-4592",
      "lastModified": "2024-11-21T00:35:58.220",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-03-20T00:44:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/29467\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3753\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/489861/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/28296\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019685\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0952/references\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41328\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/29467\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3753\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/489861/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/28296\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019685\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0952/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41328\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-4592\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-03-20T00:44:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en la interfaz web para IBM Rational ClearQuest versiones anteriores a 2003.06.16 Parche 2008A, 7.0.0.2_iFix01 y 7.0.1.1_iFix01, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de los par\u00e1metros (1) contextid , (2) username, (3) userNameVal y (4) schema en el componente login.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2003-06-16\",\"matchCriteriaId\":\"AF2B2BA7-86BA-45E5-B6D2-D279D6A3C873\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EBBBF4D-97FD-4DBC-B296-4235BAD38F61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00E3D80A-849E-4739-8905-373AE0C0189D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_clearquest:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEB65A10-EE74-43DF-8D05-B39551F57D2C\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/29467\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3753\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/489861/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28296\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019685\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0952/references\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41328\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29467\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3753\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/489861/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28296\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019685\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0952/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41328\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2007-4592

Vulnerability from fkie_nvd - Published: 2008-03-20 00:44 - Updated: 2026-04-23 00:35

Severity

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/29467	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/3753
cve@mitre.org	http://www.securityfocus.com/archive/1/489861/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/28296
cve@mitre.org	http://www.securitytracker.com/id?1019685
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0952/references	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/41328
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29467	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3753
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/489861/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28296
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019685
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0952/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41328

Impacted products

Vendor	Product	Version
ibm	rational_clearquest	*
ibm	rational_clearquest	7.0.1
ibm	rational_clearquest	7.0.1.1
ibm	rational_clearquest	7.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF2B2BA7-86BA-45E5-B6D2-D279D6A3C873",
              "versionEndIncluding": "2003-06-16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00E3D80A-849E-4739-8905-373AE0C0189D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEB65A10-EE74-43DF-8D05-B39551F57D2C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en la interfaz web para IBM Rational ClearQuest versiones anteriores a 2003.06.16 Parche 2008A, 7.0.0.2_iFix01 y 7.0.1.1_iFix01, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de los par\u00e1metros (1) contextid , (2) username, (3) userNameVal y (4) schema en el componente login."
    }
  ],
  "id": "CVE-2007-4592",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-03-20T00:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29467"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3753"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/489861/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28296"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019685"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0952/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3753"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/489861/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0952/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41328"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-686M-VHGM-W87P

Vulnerability from github – Published: 2022-05-01 18:25 – Updated: 2022-05-01 18:25

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-4592"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-03-20T00:44:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.",
  "id": "GHSA-686m-vhgm-w87p",
  "modified": "2022-05-01T18:25:13Z",
  "published": "2022-05-01T18:25:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4592"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41328"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29467"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3753"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/489861/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28296"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019685"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0952/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-4592

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-4592

Aliases

CVE-2007-4592

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-4592",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.",
    "id": "GSD-2007-4592",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2007-4592"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-4592"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.",
      "id": "GSD-2007-4592",
      "modified": "2023-12-13T01:21:37.135563Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-4592",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20080319 IBM Rational ClearQuest Web Multiple XSS Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/489861/100/0/threaded"
          },
          {
            "name": "ADV-2008-0952",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0952/references"
          },
          {
            "name": "1019685",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019685"
          },
          {
            "name": "3753",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3753"
          },
          {
            "name": "28296",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/28296"
          },
          {
            "name": "29467",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29467"
          },
          {
            "name": "rational-clearquest-webinterface-xss(41328)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41328"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2003-06-16",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:7.0.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:rational_clearquest:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4592"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28296",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/28296"
            },
            {
              "name": "1019685",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019685"
            },
            {
              "name": "29467",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29467"
            },
            {
              "name": "3753",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3753"
            },
            {
              "name": "ADV-2008-0952",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0952/references"
            },
            {
              "name": "rational-clearquest-webinterface-xss(41328)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41328"
            },
            {
              "name": "20080319 IBM Rational ClearQuest Web Multiple XSS Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/489861/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-15T21:36Z",
      "publishedDate": "2008-03-20T00:44Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-4592 (GCVE-0-2007-4592)

FKIE_CVE-2007-4592

GHSA-686M-VHGM-W87P

GSD-2007-4592

Tags

Sightings

Nomenclature