CVE-2008-0474
ManageEngine Application Manager 10 - Multiple Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en ManageEngine Applications Manager 8.1 construcción 8100 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) showlink en jsp/DiscoveryProfiles.jsp; los parámetros (2) attributeIDs, (3) attributeToSelect, (4) redirectto, y (5) resourceid en (a) jsp/ThresholdActionConfiguration.jsp; los parámetros (6) page y (7) redirect en (b) jsp/UpdateGlobalSettings.jsp; y los parámetros (8) haid y (9) returnpath en (c) showTile.do. NOTA: la procedencia de esta información es desconocida; los detalles han sido obtenidos a partir de la información de terceros.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-01-29 CVE Reserved
- 2008-01-29 CVE Published
- 2012-08-01 First Exploit
- 2024-07-02 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/27443 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39914 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/20171 | 2012-08-01 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/28332 | 2017-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Manageengine Search vendor "Manageengine" | Applications Manager Search vendor "Manageengine" for product "Applications Manager" | 8.1_build_8100 Search vendor "Manageengine" for product "Applications Manager" and version "8.1_build_8100" | - |
Affected
| ||||||