S4Squatch

**Name of the Vulnerable Software and Affected Versions** Cisco Collaboration Server (CCS) version 5 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `dest` parameter in the `/webline/html/admin/wcs/LoginPage.jhtml` API endpoint. **Recommendations** For Cisco Collaboration Server (CCS) version 5, avoid using the `dest` parameter in the `/webline/html/admin/wcs/LoginPage.jhtml` API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cisco Collaboration Server (CCS) version 5 **Description** The issue allows remote attackers to read the source code of JHTML files by manipulating URL encoded characters in the filename extension. This can be achieved through various methods, including changing the .jhtml extension to %2Ejhtml, .jhtm%6C, appending %00, or appending %c0%80 after .jhtml. The affected components include doc/docindex.jhtml, browserId/wizardForm.jhtml, webline/html/forms/callback.jhtml, webline/html/forms/callbackICM.jhtml, webline/html/agent/AgentFrame.jhtml, webline/html/agent/default/badlogin.jhtml, callme/callForm.jhtml, webline/html/multichatui/nowDefunctWindow.jhtml, browserId/wizard.jhtml, admin/CiscoAdmin.jhtml, msccallme/mscCallForm.jhtml, and webline/html/admin/wcs/LoginPage.jhtml. **Recommendations** As a temporary workaround, consider restricting access to the affected JHTML files until a patch is available. Avoid using URL encoded characters in the filename extension to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM Rational ClearQuest (CQ) Web versions 7.0.0.0-IFIX02 through 7.0.0.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username` parameter in a "GenerateMainFrame" command, specifically targeting the "/main" endpoint. **Recommendations** For versions 7.0.0.0-IFIX02 through 7.0.0.1, avoid using the `username` parameter in the affected API endpoint until the issue is resolved. Restrict access to the "/main" endpoint to minimize the risk of exploitation.