CVE-2007-5891

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 48.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Opmanager

Timeline

PublishedNov 8

Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmanageengine/opmanager7.0

🔴Vulnerability Details

GHSA

GHSA-7m25-w5rv-q6w6: Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login↗2022-05-01

▶

CVEList

CVE-2007-5891: Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login↗2007-11-08

▶