Lucene search

PRIOn knowledge basePRION:CVE-2007-3593

HistoryJul 06, 2007 - 6:30 p.m.

Cross site scripting

2007-07-0618:30:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in © netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500.

CPENameOperatorVersion
manageengine_netflow_analyzereq5

CPE	Name	Operator	Version
	manageengine_netflow_analyzer	eq	5

References

osvdb.org/37826

osvdb.org/37827

osvdb.org/37828

osvdb.org/37829

osvdb.org/37830

secunia.com/advisories/25947

www.securityfocus.com/bid/24766

exchange.xforce.ibmcloud.com/vulnerabilities/35263

lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.7%

JSON

Related for PRION:CVE-2007-3593

cve1