Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-1062
Last Modified: 14 Feb 2012 12:00:00
Published: 13 Feb 2012 07:55:01
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-1062

Summary

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474.

Vulnerable Systems

Application

  • ManageEngine Applications Manager 10.0
  • ManageEngine Applications Manager 10.1
  • ManageEngine Applications Manager 10.2
  • ManageEngine Applications Manager 10.3
  • ManageEngine Applications Manager 9
  • ManageEngine Applications Manager 9.1
  • ManageEngine Applications Manager 9.2
  • ManageEngine Applications Manager 9.3
  • ManageEngine Applications Manager 9.4
  • ManageEngine Applications Manager 9.5


References

XF - meapplicationsmanager-multiple-xss(72830)

MISC - http://www.vulnerability-lab.com/get_content.php?id=115

BID - 51796

SECUNIA - 47724

MISC - http://packetstormsecurity.org/files/view/109238/VL-115.txt

OSVDB - 78722

OSVDB - 78721


Last Updated: 27 May 2016 10:58:15