Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in BMC Service Desk Express SDE 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the 1 SelTab parameter to QVadmin.aspx, the 2 CallBack parameter to QVgrid.aspx, or the 3 HelpPage parameter to commonhelp.aspx...