Lucene search

[email protected]CVE-2007-3593

HistoryJul 06, 2007 - 6:30 p.m.

CVE-2007-3593

2007-07-0618:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2007-3593

cross site scripting

xss

manageengine netflow analyzer 5

security vulnerability

nvd

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in © netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500.

CPENameOperatorVersion
adventnet:manageengine_netflow_analyzeradventnet manageengine netflow analyzereq5

CPE	Name	Operator	Version
adventnet:manageengine_netflow_analyzer	adventnet manageengine netflow analyzer	eq	5

References

lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html

osvdb.org/37826

osvdb.org/37827

osvdb.org/37828

osvdb.org/37829

osvdb.org/37830

secunia.com/advisories/25947

www.securityfocus.com/bid/24766

exchange.xforce.ibmcloud.com/vulnerabilities/35263

Social References

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.7%

JSON

Related for CVE-2007-3593

prion1