QwikSec

Security Database

CVE

CWE

Training

CVE-2018-15528

Published: Aug 21, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "select_sso()" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?[XSS] link and then clicks the "Login" button.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/149007/BMC-MyIT-Java-System-Solutions-SSO-Plugin-4.0.13.1-Cross-Site-Scripting.html

x_refsource_MISC

20180820 [CVE-2018-15528] Reflected XSS in Java System Solutions SSO Plugin 4.0.13.1 for BMC MyIT

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.