CVE-2010-3274

Опубликовано: 17 фев. 2011

Источник: nvd

CVSS2: 4.3

EPSS Средний

Описание

Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.

Ссылки

http://secunia.com/advisories/43241
Vendor Advisory
http://securityreason.com/securityalert/8089
http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities
Exploit
http://www.osvdb.org/70871
Exploit
http://www.osvdb.org/70872
Exploit
http://www.securityfocus.com/archive/1/516396/100/0/threaded
http://www.securityfocus.com/bid/46331
Exploit
http://www.vupen.com/english/advisories/2011/0392
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65349
http://secunia.com/advisories/43241
Vendor Advisory
http://securityreason.com/securityalert/8089
http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities
Exploit
http://www.osvdb.org/70871
Exploit
http://www.osvdb.org/70872
Exploit
http://www.securityfocus.com/archive/1/516396/100/0/threaded
http://www.securityfocus.com/bid/46331
Exploit
http://www.vupen.com/english/advisories/2011/0392
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65349

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*

Версия до 4.4 (включая)

EPSS

Процентиль: 94%

0.1433

Средний

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-qh63-cgwm-3qjp

github

больше 3 лет назад