Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

CVE-2007-3594 (GCVE-0-2007-3594)

Vulnerability from nvd – Published: 2007-07-06 18:00 – Updated: 2024-08-07 14:21

Summary

Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

13 references

URL	Tags
http://www.securityfocus.com/bid/24767	vdb-entryx_refsource_BID
http://osvdb.org/38949	vdb-entryx_refsource_OSVDB
http://osvdb.org/37825	vdb-entryx_refsource_OSVDB
http://lostmon.blogspot.com/2007/07/netflow-anali…	x_refsource_MISC
http://osvdb.org/38947	vdb-entryx_refsource_OSVDB
http://osvdb.org/37821	vdb-entryx_refsource_OSVDB
http://osvdb.org/38946	vdb-entryx_refsource_OSVDB
http://osvdb.org/37824	vdb-entryx_refsource_OSVDB
http://osvdb.org/37822	vdb-entryx_refsource_OSVDB
http://osvdb.org/38945	vdb-entryx_refsource_OSVDB
http://osvdb.org/38948	vdb-entryx_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://osvdb.org/37823	vdb-entryx_refsource_OSVDB

Date Public

2007-07-04 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:21:36.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "24767",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24767"
          },
          {
            "name": "38949",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38949"
          },
          {
            "name": "37825",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37825"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"
          },
          {
            "name": "38947",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38947"
          },
          {
            "name": "37821",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37821"
          },
          {
            "name": "38946",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38946"
          },
          {
            "name": "37824",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37824"
          },
          {
            "name": "37822",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37822"
          },
          {
            "name": "38945",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38945"
          },
          {
            "name": "38948",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38948"
          },
          {
            "name": "netflowanalyzer-opmanager-multiple-xss(35263)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"
          },
          {
            "name": "37823",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37823"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do.  NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "24767",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24767"
        },
        {
          "name": "38949",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38949"
        },
        {
          "name": "37825",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37825"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"
        },
        {
          "name": "38947",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38947"
        },
        {
          "name": "37821",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37821"
        },
        {
          "name": "38946",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38946"
        },
        {
          "name": "37824",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37824"
        },
        {
          "name": "37822",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37822"
        },
        {
          "name": "38945",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38945"
        },
        {
          "name": "38948",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38948"
        },
        {
          "name": "netflowanalyzer-opmanager-multiple-xss(35263)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"
        },
        {
          "name": "37823",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37823"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3594",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do.  NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "24767",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24767"
            },
            {
              "name": "38949",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38949"
            },
            {
              "name": "37825",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37825"
            },
            {
              "name": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html",
              "refsource": "MISC",
              "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"
            },
            {
              "name": "38947",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38947"
            },
            {
              "name": "37821",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37821"
            },
            {
              "name": "38946",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38946"
            },
            {
              "name": "37824",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37824"
            },
            {
              "name": "37822",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37822"
            },
            {
              "name": "38945",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38945"
            },
            {
              "name": "38948",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38948"
            },
            {
              "name": "netflowanalyzer-opmanager-multiple-xss(35263)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"
            },
            {
              "name": "37823",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37823"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3594",
    "datePublished": "2007-07-06T18:00:00.000Z",
    "dateReserved": "2007-07-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T14:21:36.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-3593 (GCVE-0-2007-3593)

Vulnerability from nvd – Published: 2007-07-06 18:00 – Updated: 2024-08-07 14:21

Summary

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

9 references

URL	Tags
http://lostmon.blogspot.com/2007/07/netflow-anali…	x_refsource_MISC
http://osvdb.org/37827	vdb-entryx_refsource_OSVDB
http://osvdb.org/37828	vdb-entryx_refsource_OSVDB
http://osvdb.org/37830	vdb-entryx_refsource_OSVDB
http://osvdb.org/37829	vdb-entryx_refsource_OSVDB
http://osvdb.org/37826	vdb-entryx_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://secunia.com/advisories/25947	third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/24766	vdb-entryx_refsource_BID

Date Public

2007-07-04 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:21:36.413Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"
          },
          {
            "name": "37827",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37827"
          },
          {
            "name": "37828",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37828"
          },
          {
            "name": "37830",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37830"
          },
          {
            "name": "37829",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37829"
          },
          {
            "name": "37826",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37826"
          },
          {
            "name": "netflowanalyzer-opmanager-multiple-xss(35263)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"
          },
          {
            "name": "25947",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25947"
          },
          {
            "name": "24766",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24766"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"
        },
        {
          "name": "37827",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37827"
        },
        {
          "name": "37828",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37828"
        },
        {
          "name": "37830",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37830"
        },
        {
          "name": "37829",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37829"
        },
        {
          "name": "37826",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37826"
        },
        {
          "name": "netflowanalyzer-opmanager-multiple-xss(35263)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"
        },
        {
          "name": "25947",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25947"
        },
        {
          "name": "24766",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24766"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3593",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html",
              "refsource": "MISC",
              "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"
            },
            {
              "name": "37827",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37827"
            },
            {
              "name": "37828",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37828"
            },
            {
              "name": "37830",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37830"
            },
            {
              "name": "37829",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37829"
            },
            {
              "name": "37826",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37826"
            },
            {
              "name": "netflowanalyzer-opmanager-multiple-xss(35263)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"
            },
            {
              "name": "25947",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25947"
            },
            {
              "name": "24766",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24766"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3593",
    "datePublished": "2007-07-06T18:00:00.000Z",
    "dateReserved": "2007-07-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T14:21:36.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3522 (GCVE-0-2005-3522)

Vulnerability from nvd – Published: 2005-11-06 11:00 – Updated: 2024-08-07 23:17

Summary

Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

6 references

URL	Tags
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/15127	vdb-entryx_refsource_BID
http://securitytracker.com/id?1015078	vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=112967149509401&w=2	mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/17253/	third-party-advisoryx_refsource_SECUNIA
http://www.osvdb.org/20073	vdb-entryx_refsource_OSVDB

Date Public

2005-10-18 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:17:23.074Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "netflowanalyzer4-index-xss(22788)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22788"
          },
          {
            "name": "15127",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15127"
          },
          {
            "name": "1015078",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015078"
          },
          {
            "name": "20051018 NetFlow Analyzer 4 XSS Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=112967149509401\u0026w=2"
          },
          {
            "name": "17253",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17253/"
          },
          {
            "name": "20073",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/20073"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-10-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "netflowanalyzer4-index-xss(22788)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22788"
        },
        {
          "name": "15127",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15127"
        },
        {
          "name": "1015078",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015078"
        },
        {
          "name": "20051018 NetFlow Analyzer 4 XSS Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=112967149509401\u0026w=2"
        },
        {
          "name": "17253",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17253/"
        },
        {
          "name": "20073",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/20073"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3522",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "netflowanalyzer4-index-xss(22788)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22788"
            },
            {
              "name": "15127",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15127"
            },
            {
              "name": "1015078",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015078"
            },
            {
              "name": "20051018 NetFlow Analyzer 4 XSS Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=112967149509401\u0026w=2"
            },
            {
              "name": "17253",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17253/"
            },
            {
              "name": "20073",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/20073"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3522",
    "datePublished": "2005-11-06T11:00:00.000Z",
    "dateReserved": "2005-11-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T23:17:23.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-3594 (GCVE-0-2007-3594)

Vulnerability from cvelistv5 – Published: 2007-07-06 18:00 – Updated: 2024-08-07 14:21

Summary

Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

13 references

URL	Tags
http://www.securityfocus.com/bid/24767	vdb-entryx_refsource_BID
http://osvdb.org/38949	vdb-entryx_refsource_OSVDB
http://osvdb.org/37825	vdb-entryx_refsource_OSVDB
http://lostmon.blogspot.com/2007/07/netflow-anali…	x_refsource_MISC
http://osvdb.org/38947	vdb-entryx_refsource_OSVDB
http://osvdb.org/37821	vdb-entryx_refsource_OSVDB
http://osvdb.org/38946	vdb-entryx_refsource_OSVDB
http://osvdb.org/37824	vdb-entryx_refsource_OSVDB
http://osvdb.org/37822	vdb-entryx_refsource_OSVDB
http://osvdb.org/38945	vdb-entryx_refsource_OSVDB
http://osvdb.org/38948	vdb-entryx_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://osvdb.org/37823	vdb-entryx_refsource_OSVDB

Date Public

2007-07-04 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:21:36.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "24767",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24767"
          },
          {
            "name": "38949",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38949"
          },
          {
            "name": "37825",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37825"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"
          },
          {
            "name": "38947",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38947"
          },
          {
            "name": "37821",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37821"
          },
          {
            "name": "38946",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38946"
          },
          {
            "name": "37824",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37824"
          },
          {
            "name": "37822",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37822"
          },
          {
            "name": "38945",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38945"
          },
          {
            "name": "38948",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38948"
          },
          {
            "name": "netflowanalyzer-opmanager-multiple-xss(35263)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"
          },
          {
            "name": "37823",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37823"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do.  NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "24767",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24767"
        },
        {
          "name": "38949",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38949"
        },
        {
          "name": "37825",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37825"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"
        },
        {
          "name": "38947",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38947"
        },
        {
          "name": "37821",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37821"
        },
        {
          "name": "38946",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38946"
        },
        {
          "name": "37824",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37824"
        },
        {
          "name": "37822",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37822"
        },
        {
          "name": "38945",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38945"
        },
        {
          "name": "38948",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38948"
        },
        {
          "name": "netflowanalyzer-opmanager-multiple-xss(35263)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"
        },
        {
          "name": "37823",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37823"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3594",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do.  NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "24767",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24767"
            },
            {
              "name": "38949",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38949"
            },
            {
              "name": "37825",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37825"
            },
            {
              "name": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html",
              "refsource": "MISC",
              "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"
            },
            {
              "name": "38947",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38947"
            },
            {
              "name": "37821",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37821"
            },
            {
              "name": "38946",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38946"
            },
            {
              "name": "37824",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37824"
            },
            {
              "name": "37822",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37822"
            },
            {
              "name": "38945",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38945"
            },
            {
              "name": "38948",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38948"
            },
            {
              "name": "netflowanalyzer-opmanager-multiple-xss(35263)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"
            },
            {
              "name": "37823",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37823"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3594",
    "datePublished": "2007-07-06T18:00:00.000Z",
    "dateReserved": "2007-07-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T14:21:36.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-3593 (GCVE-0-2007-3593)

Vulnerability from cvelistv5 – Published: 2007-07-06 18:00 – Updated: 2024-08-07 14:21

Summary

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

9 references

URL	Tags
http://lostmon.blogspot.com/2007/07/netflow-anali…	x_refsource_MISC
http://osvdb.org/37827	vdb-entryx_refsource_OSVDB
http://osvdb.org/37828	vdb-entryx_refsource_OSVDB
http://osvdb.org/37830	vdb-entryx_refsource_OSVDB
http://osvdb.org/37829	vdb-entryx_refsource_OSVDB
http://osvdb.org/37826	vdb-entryx_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://secunia.com/advisories/25947	third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/24766	vdb-entryx_refsource_BID

Date Public

2007-07-04 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:21:36.413Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"
          },
          {
            "name": "37827",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37827"
          },
          {
            "name": "37828",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37828"
          },
          {
            "name": "37830",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37830"
          },
          {
            "name": "37829",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37829"
          },
          {
            "name": "37826",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37826"
          },
          {
            "name": "netflowanalyzer-opmanager-multiple-xss(35263)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"
          },
          {
            "name": "25947",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25947"
          },
          {
            "name": "24766",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24766"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"
        },
        {
          "name": "37827",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37827"
        },
        {
          "name": "37828",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37828"
        },
        {
          "name": "37830",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37830"
        },
        {
          "name": "37829",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37829"
        },
        {
          "name": "37826",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37826"
        },
        {
          "name": "netflowanalyzer-opmanager-multiple-xss(35263)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"
        },
        {
          "name": "25947",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25947"
        },
        {
          "name": "24766",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24766"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3593",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html",
              "refsource": "MISC",
              "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"
            },
            {
              "name": "37827",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37827"
            },
            {
              "name": "37828",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37828"
            },
            {
              "name": "37830",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37830"
            },
            {
              "name": "37829",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37829"
            },
            {
              "name": "37826",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37826"
            },
            {
              "name": "netflowanalyzer-opmanager-multiple-xss(35263)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"
            },
            {
              "name": "25947",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25947"
            },
            {
              "name": "24766",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24766"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3593",
    "datePublished": "2007-07-06T18:00:00.000Z",
    "dateReserved": "2007-07-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T14:21:36.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3522 (GCVE-0-2005-3522)

Vulnerability from cvelistv5 – Published: 2005-11-06 11:00 – Updated: 2024-08-07 23:17

Summary

Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

6 references

URL	Tags
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/15127	vdb-entryx_refsource_BID
http://securitytracker.com/id?1015078	vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=112967149509401&w=2	mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/17253/	third-party-advisoryx_refsource_SECUNIA
http://www.osvdb.org/20073	vdb-entryx_refsource_OSVDB

Date Public

2005-10-18 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:17:23.074Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "netflowanalyzer4-index-xss(22788)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22788"
          },
          {
            "name": "15127",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15127"
          },
          {
            "name": "1015078",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015078"
          },
          {
            "name": "20051018 NetFlow Analyzer 4 XSS Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=112967149509401\u0026w=2"
          },
          {
            "name": "17253",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17253/"
          },
          {
            "name": "20073",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/20073"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-10-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "netflowanalyzer4-index-xss(22788)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22788"
        },
        {
          "name": "15127",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15127"
        },
        {
          "name": "1015078",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015078"
        },
        {
          "name": "20051018 NetFlow Analyzer 4 XSS Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=112967149509401\u0026w=2"
        },
        {
          "name": "17253",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17253/"
        },
        {
          "name": "20073",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/20073"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3522",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "netflowanalyzer4-index-xss(22788)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22788"
            },
            {
              "name": "15127",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15127"
            },
            {
              "name": "1015078",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015078"
            },
            {
              "name": "20051018 NetFlow Analyzer 4 XSS Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=112967149509401\u0026w=2"
            },
            {
              "name": "17253",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17253/"
            },
            {
              "name": "20073",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/20073"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3522",
    "datePublished": "2005-11-06T11:00:00.000Z",
    "dateReserved": "2005-11-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T23:17:23.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

6 vulnerabilities found for manageengine_netflow_analyzer by adventnet

CVE-2007-3594 (GCVE-0-2007-3594)

CVE-2007-3593 (GCVE-0-2007-3593)

CVE-2005-3522 (GCVE-0-2005-3522)

CVE-2007-3594 (GCVE-0-2007-3594)

CVE-2007-3593 (GCVE-0-2007-3593)

CVE-2005-3522 (GCVE-0-2005-3522)