Vulnerabilities > Manageengine > Applications Manager > 9.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-02-14 | CVE-2012-1063 | SQL Injection vulnerability in Manageengine Applications Manager Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do. | 7.5 |
2012-02-14 | CVE-2012-1062 | Cross-Site Scripting vulnerability in Manageengine Applications Manager Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. | 4.3 |