6 Replies Latest reply on May 10, 2017 11:01 AM by Yogesh Deshpande

    XSS vulnerability with BMC Remedy Web-Mid Tier (on all versions till today)

      Our pen testers have recently found out that the Remedy system has an XSS vulnerability.


      Steps to reproduce -

      1. Log in to Remedy Web using Firefox.

      2. Open a new adjacent tab in the same browser session and copy the URL below (you could change the form name 'HPD:HelpDesk' to any existing form on your server).



      It executes the script.


      If anybody knows any workaround for it, that would be very helpful.


      Thank you,