CVE-2007-3594
CVE-2007-3594
Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343.
Productos afectados
n/a · n/aPoCs públicas encontradas — 5
exploitdbwww.exploit-db.com/exploits/30275no verificadoexploitdbwww.exploit-db.com/exploits/30274no verificadoexploitdbwww.exploit-db.com/exploits/30271no verificadoexploitdbwww.exploit-db.com/exploits/30272no verificadoexploitdbwww.exploit-db.com/exploits/30273no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.htmlhttp://osvdb.org/37821http://osvdb.org/37822http://osvdb.org/37823http://osvdb.org/37824http://osvdb.org/37825http://osvdb.org/38945http://osvdb.org/38946http://osvdb.org/38947http://osvdb.org/38948http://osvdb.org/38949https://exchange.xforce.ibmcloud.com/vulnerabilities/35263