CVE-2012-1062

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.5%
top 34.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Manageengine Applications Manager
Timeline
PublishedFeb 14
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redi

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-8v22-r255-jc2m: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 92022-05-17
CVEList
CVE-2012-1062: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 92012-02-14
CVE-2012-1062 (MEDIUM CVSS 4.3) | Multiple cross-site scripting (XSS) | cvebase.io