Cross-Site Scripting Vulnerabilities in ManageEngine Applications Manager
CVE-2008-0474

Currently unrated

Key Information:

Vendor: Manageengine
Status: Applications Manager
Vendor: CVE Published:; 29 January 2008

Summary

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager version 8.1 build 8100 enable remote attackers to execute arbitrary web scripts or HTML. These vulnerabilities occur via several parameters, including showlink in jsp/DiscoveryProfiles.jsp, and multiple parameters in jsp/ThresholdActionConfiguration.jsp and jsp/UpdateGlobalSettings.jsp, among others. This allows attackers to compromise the application’s functionality and potentially gain access to sensitive information.

References

http://www.securityfocus.com/bid/27443

vdb-entryx_refsource_BID

http://secunia.com/advisories/28332

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/39914

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jan 29, 2008
Vulnerability Reserved
Jan 29, 2008