NVD

Id
17951  
Name
CVE-2016-1596  
Description
Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter.  
Reject
 
CVSS Version
2  
CVSS Score
3.5  
Severity
Low  
CVSS Base Score
3.5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2016-04-22  
Modified Date
2016-12-02  
Seq
2016-1596  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
98269 17951 CVE-2016-1596 20160410 [Multiple CVE]: RCE, info disclosure, HQL injection and stored XSS in Novell Service Desk 7.1.0  View
98270 17951 CVE-2016-1596 https://packetstormsecurity.com/files/136646  View
98271 17951 CVE-2016-1596 https://raw.githubusercontent.com/pedrib/PoC/master/advisories/novell-service-desk-7.1.0.txt  View
98272 17951 CVE-2016-1596 39687  View
98273 17951 CVE-2016-1596 https://www.novell.com/support/kb/doc.php?id=7017431  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
1615 JVNDB-2016-002388 Micro Focus Novell Service Desk におけるクロスサイトスクリプティングの脆弱性 Micro Focus Novell Service Desk には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2016-1596 88102 CVE-2016-1596 17951 3.5 5.4 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-002388.html 2016-03-30 2016-05-02 View