Page 4 of 23 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en los componentes Mobility Web Client y Service Request Catalog (SRC) en HP Service Manager (SM) 7.21 y 9.x anterior a 9.34 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04388127 http://secunia.com/advisories/60028 http://secunia.com/advisories/60714 http://www.securityfocus.com/bid/69380 http://www.securitytracker.com/id/1030756 https://exchange.xforce.ibmcloud.com/vulnerabilities/95447 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.4EPSS: 1%CPEs: 6EXPL: 0

Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of service, via unknown vectors. Vulnerabilidad no especificada en el servidor en HP Service Manager (SM) 7.21 y 9.x anterior a 9.34 permite a atacantes remotos evadir las restricciones de acceso, y modificar datos o causar una denegación de servicio, a través de vectores desconocidos. • http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04388127 http://secunia.com/advisories/60028 http://secunia.com/advisories/60714 http://www.securityfocus.com/bid/69379 http://www.securitytracker.com/id/1030756 https://exchange.xforce.ibmcloud.com/vulnerabilities/95450 •

CVSS: 6.8EPSS: 1%CPEs: 4EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in HP Service Manager 9.30, 9.31, 9.32, and 9.33 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) insert XSS sequences or (2) execute arbitrary code. Múltiples vulnerabilidades de CSRF en HP Service Manager 9.30, 9.31, 9.32 y 9.33 permiten a atacantes remotos secuestrar la autenticación de victimas no especificadas para solicitudes que (1) insertan secuencias XSS o (2) ejecutan código arbitrario. • http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04117626 http://www.securitytracker.com/id/1029803 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0

Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en HP Service Manager 7.11, 9.21, 9.30, 9.31, y 9.32, y ServiceCenter 6.2.8, permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04026812 •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. HP Service Manager 9.30 hasta 9.32 no administra apropiadamente los privilegios, lo que permite a usuarios remotos autenticados obtener información sensible o modificar datos a través de vectores no especificados. • http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03960916 •