Environment
Novell Service Desk 7.0.3
Novell Service Desk 7.1
Novell Service Desk 7.1
Situation
There were multiple stored cross site scripting vulnerabilities
that may have allowed an attacker authenticated as a non-privileged
user to inject arbitrary javascript into the context of other
users' browser sessions (including administrative users).
This has been reported as CVE-2016-1596.
This has been reported as CVE-2016-1596.
Resolution
This has been fixed in Micro Focus Service Desk 7.2.
Additional Information
Thanks to Pedro Ribeiro (pedrib@gmail.com) from Agile Information
Security for discovering and reporting this vulnerability.