Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
https://exchange.xforce.ibmcloud.com/vulnerabilities/95447
http://www.securitytracker.com/id/1030756
http://www.securityfocus.com/bid/69380
http://secunia.com/advisories/60714