Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2012-1062

CVE information

Published

10 years ago

Last Modified

5 years ago

CVSSv2.0 Severity

Medium

Impact Analysis

Description

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474..

CVSSv2.0 Score

Severity
Medium
Base Score
4.3/10
Exploit Score
8.6/10
Access Vector
Network
Access Complexity
Medium
Authentication Required
None
Impact Score
2.9/10
Confidentiality Impact
None
Availability Impact
None
Integrity Impact
Partial

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:manageengine:applications_manager:10.2:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:manageengine:applications_manager:10.3:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:manageengine:applications_manager:10.1:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:manageengine:applications_manager:10.0:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:manageengine:applications_manager:9:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:manageengine:applications_manager:9.2:*:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:manageengine:applications_manager:9.4:*:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:manageengine:applications_manager:9.1:*:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:manageengine:applications_manager:9.3:*:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:manageengine:applications_manager:9.5:*:*:*:*:*:*:
  Yes
- -