1 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en jsp/Login.do de ManageEngien OpManager MSP Edition y OpManager 7.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los parámetros 1) requestid, (2) fileid, (3) woMode, y (2) woID. NOTA: la procedencia de esta información es desconocida; los detalles se han obtenido exclusivamente de información de terceros. • http://osvdb.org/38437 http://secunia.com/advisories/27456 http://www.securityfocus.com/bid/26368 https://exchange.xforce.ibmcloud.com/vulnerabilities/38314 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •