Medium severity6.1NVD Advisory· Published Aug 21, 2018· Updated Jun 17, 2026
CVE-2018-15528
CVE-2018-15528
Description
Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "select_sso()" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?[XSS] link and then clicks the "Login" button.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 4.0.13.1
Patches
Vulnerability mechanics
References
2- packetstormsecurity.com/files/149007/BMC-MyIT-Java-System-Solutions-SSO-Plugin-4.0.13.1-Cross-Site-Scripting.htmlnvdExploitThird Party AdvisoryVDB Entry
- seclists.org/bugtraq/2018/Aug/41nvdExploitMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.