CVE-2009-3903

MEDIUM

Description

Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp in ManageEngine Netflow Analyzer 7.5 build 7500 allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) section parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

References

http://osvdb.org/55772

http://secunia.com/advisories/35105

http://www.securityfocus.com/bid/35630

https://exchange.xforce.ibmcloud.com/vulnerabilities/51630

Details

Source: MITRE

Published: 2009-11-06

Updated: 2017-08-17

Type: CWE-79

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM