Cross-Site Scripting Vulnerability in HP Service Manager WebTier and Windows Client
CVE-2013-6198

Currently unrated

Key Information:

Vendor: HP
Status: Service Manager Web Tier; Service Manager Web Client; Service Manager
Vendor: CVE Published:; 29 December 2013

Summary

A cross-site scripting (XSS) vulnerability exists in multiple versions of HP Service Manager WebTier and Windows Client, allowing remote attackers to inject arbitrary web scripts or HTML. This flaw arises due to improper validation of user-supplied data, posing a significant risk as it can be exploited via various unspecified vectors, potentially compromising the security of user sessions and sensitive data.

References

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/...

vendor-advisoryx_refsource_HP

https://exchange.xforce.ibmcloud.com/vulnerabilities/89975

vdb-entryx_refsource_XF

http://www.securitytracker.com/id/1029541

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Dec 29, 2013
Vulnerability Reserved
Oct 21, 2013