ManageEngine OpStor days Parameter XSS

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

Synopsis :

A web application on the remote host is affected by a cross-site
scripting vulnerability.

Description :

The remote ManageEngine OpStor install is affected by a cross-site
scripting vulnerability. The application does not properly sanitize the
'days' parameter on the '' script.

A remote attacker could exploit this by tricking a user into requesting
a maliciously crafted URL. Exploitation could also allow the attacker
to steal cookie-based authentication credentials.

The application is also reported to be vulnerable to SQL injection
attacks as well as a cross-site scripting attack involving the 'name'
parameter of the '' script, although Nessus has not
checked for those issues.

See also :

Solution :

There is currently no patch available from the vendor.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 62784

Bugtraq ID: 55070