CVE-2017-1242
Description
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Quality Manager (RQM) versions 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection, potentially allowing attackers to execute malicious HTML in users' browsers within the site's security context.
Vulnerability
IBM Quality Manager (RQM) versions 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection [1]. A remote attacker can inject malicious HTML code into the application. When the injected code is viewed by a victim, it executes within the security context of the hosting site.
Exploitation
Exploitation requires an authenticated attacker with low privileges and user interaction (the victim must view the crafted content). The attacker submits the malicious HTML, which the victim's browser then renders without validation or filtering [1].
Impact
Successful exploitation allows an attacker to execute arbitrary HTML in the victim's browser, potentially altering the behavior of the application or leading to credential disclosure within a trusted session. This impacts integrity and confidentiality to a low degree within the scope of the affected site.
Mitigation
IBM has released fixes; refer to the security bulletin for update guidance [1]. Administrators should apply the latest IBM Rational Quality Manager fix pack or interim fix as recommended. If upgrading is not immediately possible, limit user privileges and avoid clicking on untrusted content.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 5.0.x, 6.0 - 6.0.5
- Range: 6.0
Patches
No patches discovered yet.
References
- www.ibm.com/support/docview.wss (mitre, x_refsource_CONFIRM)
- exchange.xforce.ibmcloud.com/vulnerabilities/124524 (mitre, vdb-entry, x_refsource_XF)