
CVE-2007-3594

OpManager 6/7 - '/admin/DeviceAssociation.do' Multiple Cross-Site Scripting Vulnerabilities

Severity Score

2.6
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

6
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343.


*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: High
  • Authentication: None
  • Confidentiality: None
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2007-07-04 First Exploit
  • 2007-07-06 CVE Reserved
  • 2007-07-06 CVE Published
  • 2024-06-16 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Adventnet | Manageengine Netflow Analyzer | 6 | - | Affected
Adventnet | Manageengine Netflow Analyzer | 7 | - | Affected