Lucene search
MitreCVE-2015-5061HistoryJun 24, 2015 - 2:59 p.m.
CVE-2015-5061
2015-06-2414:59:03
CWE-79
mitre
web.nvd.nist.gov
34
cve-2015-5061
cross-site scripting
xss
zoho manageengine assetexplorer
vulnerability
remote authenticated users
web script
html
nvd
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
39.3%
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do.
Affected configurations
Node
zohocorpmanageengine_assetexplorerMatch6.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zohocorp | manageengine_assetexplorer | 6.1 | cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.1:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2015-5061
2015-06-24 14:59:03
prion
prion
Cross site scripting
2015-06-24 14:59:00
cvelist
cvelist
CVE-2015-5061
2015-06-24 14:00:00
nessus
nessus
ManageEngine AssetExplorer < 6.1.0 Build 6113 Multiple XSS
2015-11-09 00:00:00
openvas
openvas
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
39.3%
Related for CVE-2015-5061