Multiple Stored Cross-Site Scripting Vulnerabilities in Service Desk (CVE-2016-1596)

  • 7017431
  • 30-Mar-2016
  • 04-Apr-2016

Environment

Novell Service Desk 7.0.3
Novell Service Desk 7.1

Situation

Multiple stored cross-site scripting vulnerabilities may have allowed an attacker authenticated as a non-privileged user to inject arbitrary JavaScript into the context of other users' browser sessions (including administrative users).

This has been reported as CVE-2016-1596.

Resolution

This has been fixed in Micro Focus Service Desk 7.2.

Additional Information

Thanks to Pedro Ribeiro (pedrib@gmail.com) from Agile Information Security for discovering and reporting this vulnerability.