Vulnerabilities > BMC > Service Desk Express

DATE CVE VULNERABILITY TITLE RISK
2013-07-29 CVE-2013-4946 Cross-Site Scripting vulnerability in BMC Service Desk Express 10.2.1.95
Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage parameter to commonhelp.aspx.
network
bmc CWE-79
4.3
4.3
2013-07-29 CVE-2013-4945 SQL Injection vulnerability in BMC Service Desk Express 10.2.1.95
Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the (6) UID parameter to login.aspx.
network
low complexity
bmc CWE-89
7.5
7.5