CVE-2008-5325
Description
Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Rational ClearQuest CQ Web versions before 7.0.0.4 and 7.0.1.3 contain multiple XSS flaws allowing remote attackers to inject arbitrary web script or HTML.
Vulnerability
IBM Rational ClearQuest CQ Web versions 7.0.0 up to (but not including) 7.0.0.4 and 7.0.1 up to (but not including) 7.0.1.3 contain multiple cross-site scripting (XSS) vulnerabilities reachable via unspecified vectors. The issue affects 16 files within the CQ Web component [1].
Exploitation
An attacker can exploit these vulnerabilities by sending a crafted request to the CQ Web interface. No authentication is required, but user interaction (e.g., clicking a malicious link) may be necessary to trigger the XSS in the victim's browser. The exact attack vectors are not disclosed in the available references [1].
Impact
Successful exploitation allows an attacker to execute arbitrary web script or HTML in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. The attacker does not gain direct access to the server but can perform actions on behalf of the authenticated user if the victim is logged in [1].
Mitigation
IBM has released fixes in ClearQuest versions 7.0.0.4 and 7.0.1.3. Users should upgrade to these versions or later. No workarounds are documented in the available references [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:* (range: >=7.0.0.0,<7.0.0.4)
- (no CPE) range: 7.0.0 < 7.0.0.4 || 7.0.1 < 7.0.1.3
Patches
No patches discovered yet.
References
- secunia.com/advisories/32847 (nvd; Third Party Advisory)
- www-01.ibm.com/support/docview.wss (nvd; Vendor Advisory)
- www.securityfocus.com/bid/32576 (nvd; Third Party Advisory, VDB Entry)
- www.osvdb.org/50369 (nvd; Broken Link)