CVE-2013-5404

Name of the Vulnerable Software and Affected Versions IBM Rational Quality Manager versions 2.0 through 2.0.1.1 IBM Rational Quality Manager versions 3.x before 3.0.1.6 iFix 1 IBM Rational Quality Manager versions 4.x before 4.0.5

Description A cross-site scripting (XSS) issue exists in the search implementation, allowing remote authenticated users to inject arbitrary web script or HTML via vectors involving an IFRAME element.

Recommendations For versions 2.0 through 2.0.1.1, update to a version outside of this range to resolve the issue. For versions 3.x before 3.0.1.6 iFix 1, apply iFix 1 or later to version 3.0.1.6 to resolve the issue. For versions 4.x before 4.0.5, update to version 4.0.5 or later to resolve the issue.