IBM Rational DOORS Next Generation is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Information
CVE-2017-1546
CVE-2017-1560
CVE-2017-1678
CVE-2017-1461
IBM Rational Requirements Composer 5.0.1
IBM Rational Requirements Composer 4.0.7
IBM Rational Requirements Composer 4.0.5
IBM Rational Requirements Composer 4.0.4
IBM Rational Requirements Composer 4.0.3
IBM Rational Requirements Composer 4.0.1
IBM Rational Requirements Composer 5.0
IBM Rational Requirements Composer 4.0.6
IBM Rational Requirements Composer 4.0
IBM Rational DOORS Next Generation 6.0.4
IBM Rational DOORS Next Generation 6.0.3
IBM Rational DOORS Next Generation 6.0.2
IBM Rational DOORS Next Generation 6.0.1
IBM Rational DOORS Next Generation 6.0
IBM Rational Requirements Composer 4.0.7 iFix015
IBM Rational DOORS Next Generation 6.0.2 iFix014
Exploit
An attacker can exploit these issues by enticing an unsuspecting user to follow a malicious URI.