VYPR
Unrated severityNVD Advisory· Published Feb 14, 2012· Updated Jun 16, 2026

CVE-2012-1062

CVE-2012-1062

Description

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • cpe:2.3:a:manageengine:applications_manager:10.0:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:manageengine:applications_manager:10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:manageengine:applications_manager:10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:manageengine:applications_manager:10.2:*:*:*:*:*:*:*
    • cpe:2.3:a:manageengine:applications_manager:10.3:*:*:*:*:*:*:*
    • cpe:2.3:a:manageengine:applications_manager:9:*:*:*:*:*:*:*
    • cpe:2.3:a:manageengine:applications_manager:9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:manageengine:applications_manager:9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:manageengine:applications_manager:9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:manageengine:applications_manager:9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:manageengine:applications_manager:9.5:*:*:*:*:*:*:*
    • (no CPE)range: >=9.0, <=10.x

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.