Vulnerabilities > Novell > Service Desk > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-22 | CVE-2016-1596 | Cross-site Scripting vulnerability in Novell Service Desk 7.1 Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter. | 5.4 |
| 2016-04-22 | CVE-2016-1595 | Information Exposure vulnerability in Novell Service Desk 7.1 LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter. | 6.5 |
| 2016-04-22 | CVE-2016-1594 | Information Exposure vulnerability in Novell Service Desk 7.1 Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action. | 6.5 |