CVE-2011-3684 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp (2) the siteid parameter to monitor-events.asp (3) the siteid parameter to reports-config-by-device.asp (4) the siteid parameter to reports-config-by-monitor.asp (5) the siteid parameter to reports-monitoring-queue.asp (6) the action parameter to site-list.asp the (7) siteid or (8) type parameter to event-history.asp the (9) siteid or (10) type parameter to admin-history.asp the (11) siteid or (12) id parameter to dashboard-view.asp the (13) siteid or (14) dn parameter to device-events.asp the (15) siteid or (16) submit parameter to device-finder.asp the (17) siteid or (18) dn parameter to device-monitors.asp the (19) siteid or (20) type parameter to device-views.asp the (21) siteid or (22) type parameter to monitor-views.asp the (23) siteid or (24) sel parameter to reports-list.asp the (25) siteid (26) action or (27) sel parameter to monitor-list.asp or the (28) siteid (29) action or (30) sel parameter to device-list.asp.

Reference

http://www.solutionary.com/index/SERT/Vuln-Disclosures/Tembria-Server-Monitor-XSS.html