Cross-site Scripting Vulnerability in ManageEngine Applications Manager
CVE-2008-1566

Currently unrated

Key Information:

Vendor: Manageengine
Status: Applications Manager
Vendor: CVE Published:; 31 March 2008

Summary

A cross-site scripting (XSS) flaw exists within the Search.do functionality in ManageEngine Applications Manager 8.x. This vulnerability permits remote attackers to inject arbitrary web scripts or HTML through the manipulation of the query parameter. If exploited, this could lead to unauthorized actions being executed on behalf of an unsuspecting user. It is crucial for users of this version to implement proper input validation and to monitor for suspicious activity to mitigate any potential risks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/41505

vdb-entryx_refsource_XF

http://secunia.com/advisories/29564

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/28488

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Mar 31, 2008
Vulnerability Reserved
Mar 31, 2008