CVE-2013-6222

Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: Aug 24, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-6222
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
hp / service_manager	7.21	7.21.x
hp / service_manager	9.33	9.33.x
hp / service_manager	9.32	9.32.x
hp / service_manager	9.30	9.30.x
hp / service_manager	9.21	9.21.x
hp / service_manager	9.31	9.31.x

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04388127
http://secunia.com/advisories/60028
http://secunia.com/advisories/60714
http://www.securityfocus.com/bid/69380
http://www.securitytracker.com/id/1030756
https://exchange.xforce.ibmcloud.com/vulnerabilities/95447

Vulnerability Database

289,784

CVE-2013-6222