CVE-2012-1062

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474.

Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en ManageEngine Applications Manager v9.x y v10.x permite a atacantes remotos inyectar código script web o HTML a través de (1) el parámetro period en showHistoryData.do; (2) selectedNetwork, (3) network, o (4) el parámetro group en showresource.do; (5) el parámetro header en AlarmView.do; o (6) el parámetro attName en jsp/PopUp_Graph.jsp. NOTA: el vector Search.do/query está también cubierto por CVE-2008-1566, y el vector jsp/ThresholdActionConfiguration.jsp redirectto está también cubierto por CVE-2008-0474.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-02-13 CVE Reserved
2012-02-14 CVE Published
2024-03-04 EPSS Updated
2024-08-06 CVE Updated
2024-08-06 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (7)

URL	Tag	Source
http://osvdb.org/78721	Vdb Entry
http://osvdb.org/78722	Vdb Entry
http://www.securityfocus.com/bid/51796	Vdb Entry
http://www.vulnerability-lab.com/get_content.php?id=115	X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/72830	Vdb Entry

URL	Date	SRC
http://packetstormsecurity.org/files/view/109238/VL-115.txt	2024-08-06

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/47724	2017-08-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Manageengine Search vendor "Manageengine"		Applications Manager Search vendor "Manageengine" for product "Applications Manager"				10.0 Search vendor "Manageengine" for product "Applications Manager" and version "10.0"		-		Affected
Manageengine Search vendor "Manageengine"		Applications Manager Search vendor "Manageengine" for product "Applications Manager"				10.1 Search vendor "Manageengine" for product "Applications Manager" and version "10.1"		-		Affected
Manageengine Search vendor "Manageengine"		Applications Manager Search vendor "Manageengine" for product "Applications Manager"				10.2 Search vendor "Manageengine" for product "Applications Manager" and version "10.2"		-		Affected
Manageengine Search vendor "Manageengine"		Applications Manager Search vendor "Manageengine" for product "Applications Manager"				10.3 Search vendor "Manageengine" for product "Applications Manager" and version "10.3"		-		Affected
Manageengine Search vendor "Manageengine"		Applications Manager Search vendor "Manageengine" for product "Applications Manager"				9 Search vendor "Manageengine" for product "Applications Manager" and version "9"		-		Affected
Manageengine Search vendor "Manageengine"		Applications Manager Search vendor "Manageengine" for product "Applications Manager"				9.1 Search vendor "Manageengine" for product "Applications Manager" and version "9.1"		-		Affected
Manageengine Search vendor "Manageengine"		Applications Manager Search vendor "Manageengine" for product "Applications Manager"				9.2 Search vendor "Manageengine" for product "Applications Manager" and version "9.2"		-		Affected
Manageengine Search vendor "Manageengine"		Applications Manager Search vendor "Manageengine" for product "Applications Manager"				9.3 Search vendor "Manageengine" for product "Applications Manager" and version "9.3"		-		Affected
Manageengine Search vendor "Manageengine"		Applications Manager Search vendor "Manageengine" for product "Applications Manager"				9.4 Search vendor "Manageengine" for product "Applications Manager" and version "9.4"		-		Affected
Manageengine Search vendor "Manageengine"		Applications Manager Search vendor "Manageengine" for product "Applications Manager"				9.5 Search vendor "Manageengine" for product "Applications Manager" and version "9.5"		-		Affected