Unrated severityNVD Advisory· Published Feb 14, 2012· Updated Apr 29, 2026

CVE-2012-1062

Description

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474.

Affected products

Manageengine/Applications Manager10 versions
cpe:2.3:a:manageengine:applications_manager:10.0:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:manageengine:applications_manager:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:applications_manager:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:applications_manager:10.2:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:applications_manager:10.3:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:applications_manager:9:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:applications_manager:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:applications_manager:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:applications_manager:9.3:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:applications_manager:9.4:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:applications_manager:9.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.org/files/view/109238/VL-115.txtnvdExploit
secunia.com/advisories/47724nvdVendor Advisory
osvdb.org/78721nvd
osvdb.org/78722nvd
www.securityfocus.com/bid/51796nvd
www.vulnerability-lab.com/get_content.phpnvd
exchange.xforce.ibmcloud.com/vulnerabilities/72830nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000