Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0123.
2015-03-13T01:59:22.897
2025-04-12T10:46:40.837
Deferred
CVSSv2: 3.5 (LOW)
AV:N/AC:M/Au:S/C:N/I:P/A:N
6.8
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ibm | rational_team_concert | 2.0.0.2 | Yes |
| Application | ibm | rational_team_concert | 3.0 | Yes |
| Application | ibm | rational_team_concert | 3.0.1 | Yes |
| Application | ibm | rational_team_concert | 3.0.1.1 | Yes |
| Application | ibm | rational_team_concert | 3.0.1.2 | Yes |
| Application | ibm | rational_team_concert | 3.0.1.3 | Yes |
| Application | ibm | rational_team_concert | 3.0.1.4 | Yes |
| Application | ibm | rational_team_concert | 3.0.1.5 | Yes |
| Application | ibm | rational_team_concert | 3.0.1.6 | Yes |
| Application | ibm | rational_team_concert | 4.0 | Yes |
| Application | ibm | rational_team_concert | 4.0.0.1 | Yes |
| Application | ibm | rational_team_concert | 4.0.0.2 | Yes |
| Application | ibm | rational_team_concert | 4.0.1 | Yes |
| Application | ibm | rational_team_concert | 4.0.2 | Yes |
| Application | ibm | rational_team_concert | 4.0.3 | Yes |
| Application | ibm | rational_team_concert | 4.0.4 | Yes |
| Application | ibm | rational_team_concert | 4.0.5 | Yes |
| Application | ibm | rational_team_concert | 4.0.6 | Yes |
| Application | ibm | rational_team_concert | 4.0.7 | Yes |
| Application | ibm | rational_team_concert | 5.0.0 | Yes |
| Application | ibm | rational_team_concert | 5.0.1 | Yes |