CVE-2016-1596

Name of the Vulnerable Software and Affected Versions Micro Focus Novell Service Desk versions prior to 7.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via certain parameters, including user name, tf aClientFirstName, tf aClientLastName, ta selectedTopicContent, tf orgUnitName, tf aManufacturerFullName, tf aManufacturerName, tf aManufacturerAddress, and tf aManufacturerCity.

Recommendations For versions prior to 7.2, update to version 7.2 or later to resolve the issue.