Cross-Site Scripting Vulnerability in Matrix42 Service Desk
CVE-2013-2504

Currently unrated

Key Information:

Vendor: Matrix42
Status: Service Store
Vendor: CVE Published:; 29 December 2013

What is CVE-2013-2504?

A cross-site scripting (XSS) vulnerability exists in the Matrix42 Service Store 5.3 SP3, specifically within the SPS/Portal/default.aspx component. This flaw allows remote attackers to execute arbitrary web scripts or HTML through crafted query strings. Exploitation of this vulnerability can lead to unauthorized access to sensitive information and compromise the integrity of users' sessions. Organizations utilizing this affected product should implement immediate security measures to mitigate the risk associated with this vulnerability.

References

http://seclists.org/fulldisclosure/2013/Apr/153

mailing-listx_refsource_FULLDISC

http://archives.neohapsis.com/archives/bugtraq/2013-04/01...

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 29, 2013
Vulnerability Reserved
Mar 7, 2013

CVE-2013-2504 Data

JSON