VYPR
Unrated severity · NVD Advisory · Published Jun 30, 2011 · Updated Apr 29, 2026

CVE-2011-2606

Description

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165511.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting vulnerability in IBM Rational Team Concert 3.0 Web UI allows remote attackers to inject arbitrary script via an unspecified parameter.

Vulnerability

IBM Rational Team Concert (RTC) version 3.0 contains a cross-site scripting (XSS) vulnerability in its Web UI. User input supplied through an unspecified parameter is not properly sanitized, allowing injection of arbitrary web script or HTML. This issue is tracked as Work Item 165511 and IBM APAR PM40308 [2].

Exploitation

A remote attacker can craft a malicious URL or input containing script code and deliver it to a victim. When the victim accesses the affected Web UI page, the injected script executes in the context of the victim's browser session. No authentication is required to trigger the vulnerability, but the attacker must entice the user to interact with the crafted link or input.

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser. This can lead to session hijacking, theft of sensitive information, or manipulation of the Web UI content. The impact is limited to the privileges of the victim's session within RTC.

Mitigation

IBM released a fix for this vulnerability as part of APAR PM40308, available in the R300 PSN UP level (likely 3.0.0.1 or a cumulative patch). Users should upgrade to the fixed version. No workarounds are documented. This CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • cpe:2.3:a:ibm:rational_team_concert:3.0:*:*:*:*:*:*:*
  • (no CPE) range: =3.0

References

5
