2 matches found
CVE-2013-4945
CVE-2013-4945 affects BMC Service Desk Express (SDE) version 10.2.1.95, where multiple SQL injection flaws allow remote attackers to inject arbitrary SQL through cookies (ASPSESSIONIDASSRATTQ, TABLE_WIDGET_1, TABLE_WIDGET_2, browserDateTimeInfo, browserNumberInfo) or the UID parameter to login.as...
CVE-2013-4946
CVE-2013-4946 concerns multiple XSS vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95. The affected component is the web interface, with input vectors in three parameters: SelTab (QV_admin.aspx), CallBack (QV_grid.aspx), and HelpPage (commonhelp.aspx). The root cause is cross-site scrip...