exploitDog

GHSA-qh63-cgwm-3qjp

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.

Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.

Ссылки

EPSS

Процентиль: 94%

0.1433

Средний

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2010-3274

nvd

почти 15 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.

EPSS

Процентиль: 94%

0.1433

Средний

CVE ID

Дефекты

CWE-79