This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
A web application on the remote host is affected by a cross-site
The remote ManageEngine OpStor install is affected by a cross-site
scripting vulnerability. The application does not properly sanitize the
'days' parameter on the 'availability730.do' script.
A remote attacker could exploit this by tricking a user into requesting
a maliciously crafted URL. Exploitation could also allow the attacker
to steal cookie-based authentication credentials.
The application is also reported to be vulnerable to SQL injection
attacks as well as a cross-site scripting attack involving the 'name'
parameter of the 'availability730.do' script, although Nessus has not
checked for those issues.
There is currently no patch available from the vendor.
Risk factor : Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 62784
Bugtraq ID: 55070