CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-19554
https://notcve.org/view.php?id=CVE-2020-19554
Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en ManageEngine OPManager versiones anteriores a 12.5.174 incluyéndola, cuando la clave API contiene una carga útil XSS basada en XML • https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125177 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5891
https://notcve.org/view.php?id=CVE-2007-5891
Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en jsp/Login.do de ManageEngien OpManager MSP Edition y OpManager 7.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los parámetros 1) requestid, (2) fileid, (3) woMode, y (2) woID. NOTA: la procedencia de esta información es desconocida; los detalles se han obtenido exclusivamente de información de terceros. • http://osvdb.org/38437 http://secunia.com/advisories/27456 http://www.securityfocus.com/bid/26368 https://exchange.xforce.ibmcloud.com/vulnerabilities/38314 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •