Published: 17/02/2011 Updated: 10/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Subscribe to Manageengine Adselfservice Plus

Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus prior to 4.5 Build 4500 allow remote malicious users to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zohocorp manageengine adselfservice plus

Check Point Reference: CPAI-2010-0738 Date Published: 27 Mar 2024 Severity: Medium ...

source: wwwsecurityfocuscom/bid/46331/info ManageEngine ADSelfService Plus is prone to multiple vulnerabilities, including multiple security-bypass and cross-site scripting vulnerabilities Attackers can exploit these issues to bypass certain security restrictions and to execute arbitrary script code in the browser of an unsuspecting u ...

Core Security Technologies Advisory - ManageEngine ADSelfService Plus version 44 suffers from authentication bypass, protection mechanism failure, and cross site scripting vulnerabilities ...

CWE-79 http://secunia.com/advisories/43241 http://www.osvdb.org/70872 http://www.osvdb.org/70871 http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities http://www.vupen.com/english/advisories/2011/0392 http://www.securityfocus.com/bid/46331 http://securityreason.com/securityalert/8089 https://exchange.xforce.ibmcloud.com/vulnerabilities/65349 http://www.securityfocus.com/archive/1/516396/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/35331/https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2010-0738.html

CVE-2010-3274

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect