Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0474

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.3%
top 43.80%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Manageengine Applications Manager
Timeline
PublishedJan 29
Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showT

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-27xx-mxf2-ph5m: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 82022-05-01
CVEList
CVE-2008-0474: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 82008-01-29

💥Exploits & PoCs

1
Exploit-DB
ManageEngine Application Manager 10 - Multiple Vulnerabilities2012-08-01
CVE-2008-0474 (MEDIUM CVSS 4.3) | Multiple cross-site scripting (XSS) | cvebase.io