N/A

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474.

N/A

N/A

ManageEngine Applications Manager跨站脚本漏洞

ManageEngine Applications Manager 9.x版本和10.x版本中存多个跨站脚本漏洞（XSS）。远程攻击者可利用漏洞借助（1）showHistoryData.do的period参数（2）selectedNetwork（3）network或者（4）showresource.do的group参数（5）AlarmView.do的header参数（6）jsp/PopUp_Graph.jsp.的attName参数，注入任意web脚本或HTML。

N/A

N/A