CVE-2008-4119
CA Service Desk 11.2 and CMDB 11.0-11.2 - Cross-Site Scripting via Multiple Web Forms
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms."
References (9)
Core 9
Core References
Various Sources x_refsource_confirm
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=186585
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45416
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1020949
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31412
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32038
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2673
Various Sources x_refsource_confirm
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/09/25.aspx
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4318
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/496755/100/0/threaded
Scores
EPSS
0.0076
EPSS Percentile
73.5%
Details
CWE
CWE-79
Status
published
Products (4)
broadcom/service_desk
11.2
ca/cmdb
11.0
ca/cmdb
11.1
ca/cmdb
11.2
Published
Sep 27, 2008
Tracked Since
Feb 18, 2026