Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1026

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-1026
Last Modified 24 Sep 2015 01:04:03
Published 11 Mar 2015 10:59:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1026

Summary

Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText parameter to the Help Desk Roles.

Vulnerable Systems

Application

  • Zohocorp Manageengine Admanager Plus 6.2


References

BUGTRAQ - 20150310 Reflected cross-site scripting(XSS) Vulnerability in Manage Engine AD Audit Manager Plus Admin Panel(Build 6270)

MISC - http://packetstormsecurity.com/files/130737/Manage-Engine-AD-Audit-Manager-Plus-Cross-Site-Scripting.html


Last Updated: 27 May 2016 11:08:04