Cross-Site Scripting Vulnerabilities in ManageEngine Applications Manager by Zoho
CVE-2012-1062

Currently unrated

Key Information:

Vendor

Manageengine
Status
Applications Manager
Vendor
CVE Published:
14 February 2012

What is CVE-2012-1062?

Multiple cross-site scripting (XSS) vulnerabilities exist in ManageEngine Applications Manager versions 9.x and 10.x, enabling remote attackers to inject arbitrary scripts or HTML. The vulnerabilities can be exploited through several parameters, including 'period' in the showHistoryData.do page, as well as selected parameters in the showresource.do and AlarmView.do pages. Other vectors include the 'header' parameter in AlarmView.do and the 'attName' parameter in jsp/PopUp_Graph.jsp. It is crucial for users to be aware of these weaknesses to fortify their web applications against potential attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/72830
vdb-entryx_refsource_XF
http://www.vulnerability-lab.com/get_content.php?id=115
x_refsource_MISC
http://packetstormsecurity.org/files/view/109238/VL-115.txt
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.