CVE-2008-4119

Broadcom Service Desk - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms."

References (9)

[Various Sources] http://community.ca.com/blogs/casecurityresponseblog/archive/2008/09/25.aspx

[Vendor Advisory] http://secunia.com/advisories/32038

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1020949

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45416

[Various Sources] https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=186585

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/496755/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31412

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/2673

[Third Party Advisory] http://securityreason.com/securityalert/4318

Scores

EPSS 0.0076

EPSS Percentile 73.0%

Classification

CWE

CWE-79

Status published

Affected Products (5)

broadcom/service_desk

ca/cmdb

n/a/n/a

Timeline

Published Sep 27, 2008

Tracked Since Feb 18, 2026