CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2013-6222
https://notcve.org/view.php?id=CVE-2013-6222
Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en los componentes Mobility Web Client y Service Request Catalog (SRC) en HP Service Manager (SM) 7.21 y 9.x anterior a 9.34 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04388127 http://secunia.com/advisories/60028 http://secunia.com/advisories/60714 http://www.securityfocus.com/bid/69380 http://www.securitytracker.com/id/1030756 https://exchange.xforce.ibmcloud.com/vulnerabilities/95447 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.4EPSS: 1%CPEs: 6EXPL: 0CVE-2014-2634
https://notcve.org/view.php?id=CVE-2014-2634
Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of service, via unknown vectors. Vulnerabilidad no especificada en el servidor en HP Service Manager (SM) 7.21 y 9.x anterior a 9.34 permite a atacantes remotos evadir las restricciones de acceso, y modificar datos o causar una denegación de servicio, a través de vectores desconocidos. • http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04388127 http://secunia.com/advisories/60028 http://secunia.com/advisories/60714 http://www.securityfocus.com/bid/69379 http://www.securitytracker.com/id/1030756 https://exchange.xforce.ibmcloud.com/vulnerabilities/95450 •
CVSS: 6.8EPSS: 1%CPEs: 4EXPL: 0CVE-2013-6202
https://notcve.org/view.php?id=CVE-2013-6202
Multiple cross-site request forgery (CSRF) vulnerabilities in HP Service Manager 9.30, 9.31, 9.32, and 9.33 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) insert XSS sequences or (2) execute arbitrary code. Múltiples vulnerabilidades de CSRF en HP Service Manager 9.30, 9.31, 9.32 y 9.33 permiten a atacantes remotos secuestrar la autenticación de victimas no especificadas para solicitudes que (1) insertan secuencias XSS o (2) ejecutan código arbitrario. • http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04117626 http://www.securitytracker.com/id/1029803 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2013-4844
https://notcve.org/view.php?id=CVE-2013-4844
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en HP Service Manager 7.11, 9.21, 9.30, 9.31, y 9.32, y ServiceCenter 6.2.8, permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04026812 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4831
https://notcve.org/view.php?id=CVE-2013-4831
HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. HP Service Manager 9.30 hasta 9.32 no administra apropiadamente los privilegios, lo que permite a usuarios remotos autenticados obtener información sensible o modificar datos a través de vectores no especificados. • http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03960916 •