Cross-Site Scripting Vulnerabilities in BMC Service Desk Express by BMC Software
CVE-2013-4946

Currently unrated

Key Information:

Vendor: Bmc
Status: Service Desk Express
Vendor: CVE Published:; 29 July 2013

What is CVE-2013-4946?

BMC Service Desk Express versions prior to 10.2.1.95 are vulnerable to multiple cross-site scripting (XSS) exploits. Attackers can inject arbitrary web scripts or HTML through unsecured parameters such as SelTab in QV_admin.aspx, CallBack in QV_grid.aspx, and HelpPage in commonhelp.aspx, potentially leading to unauthorized operations or data exposure.

References

http://www.exploit-db.com/exploits/26806

exploitx_refsource_EXPLOIT-DB

http://archives.neohapsis.com/archives/bugtraq/2013-07/00...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/61147

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 29, 2013

JSON

Bmc

What is CVE-2013-4946?

References

Timeline