Lucene search

[email protected]NVD:CVE-2010-3274

HistoryFeb 17, 2011 - 6:00 p.m.

CVE-2010-3274

2011-02-1718:00:03

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.871

Percentile

98.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.

Affected configurations

Nvd

Node

zohocorpmanageengine_adselfservice_plusRange≤4.4

VendorProductVersionCPE
zohocorpmanageengine_adselfservice_plus*cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_adselfservice_plus	*	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus::::::::

References

secunia.com/advisories/43241

securityreason.com/securityalert/8089

www.coresecurity.com/content/zoho-manageengine-vulnerabilities

www.osvdb.org/70871

www.osvdb.org/70872

www.securityfocus.com/archive/1/516396/100/0/threaded

www.securityfocus.com/bid/46331

www.vupen.com/english/advisories/2011/0392

exchange.xforce.ibmcloud.com/vulnerabilities/65349

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.871

Percentile

98.6%

JSON

Related for NVD:CVE-2010-3274

exploitdb1 cve2 openvas1 prion2 cvelist2 nessus1 nvd1 securityvulns2 packetstorm1