Vulnerabilities > ManageEngine > Medium

DATE CVE VULNERABILITY TITLE RISK
2012-09-10 CVE-2012-4891 Cross-Site Scripting vulnerability in ManageEngine Firewall Analyzer 7.2
Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngine Firewall Analyzer 7.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vector than CVE-2012-4889.
4.3
2012-09-10 CVE-2012-4889 Cross-Site Scripting vulnerability in ManageEngine Firewall Analyzer 7.2
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
4.3
2012-08-12 CVE-2012-2585 Cross-Site Scripting vulnerability in ManageEngine ServiceDesk Plus 8.1
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, or (4) a crafted SRC attribute of an IFRAME element, or an e-mail message subject with (5) a SCRIPT element, (6) a CSS expression property in the STYLE attribute of an arbitrary element, (7) a crafted SRC attribute of an IFRAME element, (8) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (9) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
4.3
2012-02-14 CVE-2012-1062 Cross-Site Scripting vulnerability in ManageEngine Applications Manager
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp.
4.3
2012-02-13 CVE-2012-1049 Cross-Site Scripting vulnerability in ManageEngine ADManager Plus 5.2
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp/AddDC.jsp or (2) operation parameter to DomainConfig.do.
4.3
2011-09-27 CVE-2010-4841 Cross-Site Scripting vulnerability in ManageEngine EventLog Analyzer 6.1
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported parameter to INDEX2.do, the (9) gId parameter to hostlist.do, the (10) newWindow parameter to globalSettings.do, or the (11) STATUS parameter to enableHost.do.
4.3
2011-09-20 CVE-2011-1510 Cross-Site Scripting vulnerability in ManageEngine ServiceDesk Plus
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.
4.3
2011-09-20 CVE-2011-1509 Cryptographic Issues vulnerability in ManageEngine ServiceDesk Plus 8.0
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Attack vector: network; attack complexity: low; vendor: manageengine; CWE-310
5.0
2011-07-17 CVE-2011-2757 Path Traversal vulnerability in ManageEngine ServiceDesk Plus 7.0.0/7.6/8.0
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a ..
Attack vector: network; attack complexity: low; vendor: manageengine; CWE-22
5.0
2011-07-17 CVE-2011-2756 Improper Authentication vulnerability in ManageEngine ServiceDesk Plus 8.0
FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors.
Attack vector: network; attack complexity: low; vendor: manageengine; CWE-287
5.0