Cross-Site Scripting Vulnerabilities in ManageEngine Applications Manager by Zoho
CVE-2012-1062

Currently unrated

Key Information:

Vendor: Manageengine
Status: Applications Manager
Vendor: CVE Published:; 14 February 2012

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in ManageEngine Applications Manager versions 9.x and 10.x, enabling remote attackers to inject arbitrary scripts or HTML. The vulnerabilities can be exploited through several parameters, including 'period' in the showHistoryData.do page, as well as selected parameters in the showresource.do and AlarmView.do pages. Other vectors include the 'header' parameter in AlarmView.do and the 'attName' parameter in jsp/PopUp_Graph.jsp. It is crucial for users to be aware of these weaknesses to fortify their web applications against potential attacks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/72830

vdb-entryx_refsource_XF

http://www.vulnerability-lab.com/get_content.php?id=115

x_refsource_MISC

http://packetstormsecurity.org/files/view/109238/VL-115.txt

x_refsource_MISC

Timeline

Vulnerability published
Feb 14, 2012
Vulnerability Reserved
Feb 13, 2012