Unrated severityNVD Advisory· Published Oct 20, 2009· Updated Apr 23, 2026

CVE-2009-3730

Description

Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp.

Affected products

IBM/Rational Requisitepro
cpe:2.3:a:ibm:rational_requisitepro:7.1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vupen.com/english/advisories/2009/2958nvdPatchVendor Advisory
www-01.ibm.com/support/docview.wssnvdExploitPatchVendor Advisory
www.securityfocus.com/bid/36721nvdExploit
secunia.com/advisories/37052nvdVendor Advisory
osvdb.org/59088nvd
osvdb.org/59089nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000