HTTP: Micro Focus Novell Service Desk Cross Site Scripting
This signature detects attempts to exploit a known vulnerability against Micro Focus Novell Service Desk. Successful exploitation can result in cross-site scripting.
Extended Description
Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter.
Affected Products
Novell service_desk
References
CVE: CVE-2016-1596
Short Name
HTTP:XSS:NOVELL-SERVICE-DESK
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2016-1596 Cross Desk Focus Micro Novell Scripting Service Site
Release Date
02/28/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Novell
CVSS Score
3.5