Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0866

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-0866
Last Modified 17 Feb 2015 10:21:30
Published 02 Feb 2015 10:59:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-0866

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do.

Vulnerable Systems

Application

  • Manageengine Supportcenter Plus 7.9

  • Zohocorp Manageengine Supportcenter Plus 7.9


References

MISC - https://www.htbridge.com/advisory/HTB23247

CONFIRM - https://forums.manageengine.com/topic/security-update-for-supportcenter-plus

BID - 72349

BUGTRAQ - 20150128 Two XSS Vulnerabilities in SupportCenter Plus


Last Updated: 27 May 2016 11:07:49