CVE-2013-6222

HP Service Manager - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (6)

[Vendor Advisory] http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04388127

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/69380

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/95447

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1030756

[Third Party Advisory] http://secunia.com/advisories/60028

[Third Party Advisory] http://secunia.com/advisories/60714

Scores

EPSS 0.0088

EPSS Percentile 75.1%

Details

CWE

CWE-79

Status published

Products (7)

hp/service_manager

hp/service_manager

hp/service_manager

hp/service_manager

hp/service_manager

hp/service_manager

n/a/n/a

Published Aug 23, 2014

Tracked Since Feb 18, 2026