Cross-Site Scripting Vulnerabilities in ManageEngine OpManager Products
CVE-2007-5891

Currently unrated

Key Information:

Vendor: Manageengine
Status: Opmanager; Opmanager Msp
Vendor: CVE Published:; 8 November 2007

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in the jsp/Login.do component of ManageEngine OpManager MSP Edition and OpManager 7.0. These vulnerabilities can be exploited by remote attackers to inject arbitrary web scripts or HTML into the application. The vulnerable parameters include requestid, fileid, woMode, and woID, which may allow attackers to manipulate the application's behavior and compromise the security of the application.

References

http://www.securityfocus.com/bid/26368

vdb-entryx_refsource_BID

http://secunia.com/advisories/27456

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/38437

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Nov 8, 2007
Vulnerability Reserved
Nov 7, 2007