Cross-Site Scripting Vulnerabilities in BMC Service Desk Express by BMC Software
CVE-2013-4946
Currently unrated
Key Information:
- Vendor: BMC
- Status
- Vendor
- CVE Published: 29 July 2013
Badges
- Exploit Exists
- Public PoC
What is CVE-2013-4946?
BMC Service Desk Express versions prior to 10.2.1.95 contain multiple cross-site scripting (XSS) vulnerabilities. Attackers can inject arbitrary web script or HTML through unsecured parameters such as SelTab in QV_admin.aspx, CallBack in QV_grid.aspx, and HelpPage in commonhelp.aspx, potentially leading to unauthorized operations or data exposure.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
