Lucene search

MitreCVE-2010-3274

HistoryFeb 17, 2011 - 6:00 p.m.

CVE-2010-3274

2011-02-1718:00:03

CWE-79

mitre

web.nvd.nist.gov

cve-2010-3274

cross-site scripting

xss

employeesearch.cc

employee search engine

zoho manageengine

adselfservice plus

remote code injection

web security

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.871

Percentile

98.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.

Affected configurations

Nvd

Node

zohocorpmanageengine_adselfservice_plusRange≤4.4

VendorProductVersionCPE
zohocorpmanageengine_adselfservice_plus*cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_adselfservice_plus	*	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus::::::::

References

secunia.com/advisories/43241

securityreason.com/securityalert/8089

www.coresecurity.com/content/zoho-manageengine-vulnerabilities

www.osvdb.org/70871

www.osvdb.org/70872

www.securityfocus.com/archive/1/516396/100/0/threaded

www.securityfocus.com/bid/46331

www.vupen.com/english/advisories/2011/0392

exchange.xforce.ibmcloud.com/vulnerabilities/65349

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.871

Percentile

98.6%

JSON

Related for CVE-2010-3274