{"api_version":"1","generated_at":"2026-05-06T22:13:53+00:00","cve":"CVE-2013-6222","urls":{"html":"https://cve.report/CVE-2013-6222","api":"https://cve.report/api/cve/CVE-2013-6222.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-6222","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-6222"},"summary":{"title":"CVE-2013-6222","description":"Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","state":"PUBLIC","assigner":"hp-security-alert@hp.com","published_at":"2014-08-23 23:55:00","updated_at":"2017-08-29 01:33:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04388127","name":"SSRT101654","refsource":"HP","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://www.securityfocus.com/bid/69380","name":"69380","refsource":"BID","tags":[],"title":"HP Service Manager CVE-2013-6222 Multiple Cross Site Scripting and Unspecified Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/60028","name":"60028","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA60028 - HP Service Manager Multiple Vulnerabilities - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/95447","name":"hp-service-manager-cve20136222-xss(95447)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1030756","name":"1030756","refsource":"SECTRACK","tags":[],"title":"HP Service Manager Bugs Let Remote Users Gain Elevated Privileges, Modify Data, and Deny Service and Conduct Cross-Site Scripting and Cross-Site Requset Forgery Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/60714","name":"60714","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA60714 - HP Service Manager Multiple Vulnerabilities - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-6222","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6222","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"6222","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hp","cpe5":"service_manager","cpe6":"7.21","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"6222","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hp","cpe5":"service_manager","cpe6":"9.21","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"6222","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hp","cpe5":"service_manager","cpe6":"9.30","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"6222","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hp","cpe5":"service_manager","cpe6":"9.31","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"6222","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hp","cpe5":"service_manager","cpe6":"9.32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"6222","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hp","cpe5":"service_manager","cpe6":"9.33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"6222","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hp","cpe5":"service_manager","cpe6":"7.21","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"6222","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hp","cpe5":"service_manager","cpe6":"9.21","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"6222","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hp","cpe5":"service_manager","cpe6":"9.30","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"6222","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hp","cpe5":"service_manager","cpe6":"9.31","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"6222","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hp","cpe5":"service_manager","cpe6":"9.32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"6222","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hp","cpe5":"service_manager","cpe6":"9.33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"hp-security-alert@hp.com","ID":"CVE-2013-6222","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"hp-service-manager-cve20136222-xss(95447)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/95447"},{"name":"1030756","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1030756"},{"name":"60028","refsource":"SECUNIA","url":"http://secunia.com/advisories/60028"},{"name":"69380","refsource":"BID","url":"http://www.securityfocus.com/bid/69380"},{"name":"60714","refsource":"SECUNIA","url":"http://secunia.com/advisories/60714"},{"name":"SSRT101654","refsource":"HP","url":"http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04388127"},{"name":"HPSBMU03079","refsource":"HP","url":"http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04388127"}]}},"nvd":{"publishedDate":"2014-08-23 23:55:00","lastModifiedDate":"2017-08-29 01:33:00","problem_types":["CWE-79"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hp:service_manager:7.21:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hp:service_manager:9.33:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hp:service_manager:9.32:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hp:service_manager:9.30:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hp:service_manager:9.21:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hp:service_manager:9.31:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"6222","Ordinal":"65929","Title":"CVE-2013-6222","CVE":"CVE-2013-6222","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"6222","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","Type":"Description","Title":null},{"CveYear":"2013","CveId":"6222","Ordinal":"2","NoteData":"2014-08-23","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"6222","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}