Lucene search
HistoryAug 23, 2012 - 8:55 p.m.
CVE-2011-5105
cve-2011-5105
xss
zoho manageengine
adselfservice plus
security vulnerability
5.7 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.871 High
EPSS
Percentile
98.6%
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.
Affected configurations
Node
zohocorpmanageengine_adselfservice_plusMatch4.5
| CPE | Name | Operator | Version |
|---|---|---|---|
| zohocorp:manageengine_adselfservice_plus | zohocorp manageengine adselfservice plus | eq | 4.5 |
Related
nvd
nvd
CVE-2011-5105
2012-08-23 20:55:02
CVE-2010-3274
2011-02-17 18:00:03
prion
prion
Cross site scripting
2012-08-23 20:55:00
Cross site scripting
2011-02-17 18:00:00
cvelist
cvelist
CVE-2011-5105
2012-08-23 20:00:00
CVE-2010-3274
2011-02-17 17:00:00
nessus
nessus
ManageEngine ADSelfService EmployeeSearch.cc Multiple XSS
2011-12-08 00:00:00
cve
cve
CVE-2010-3274
2011-02-17 18:00:03
openvas
openvas
securityvulns
securityvulns
packetstorm
packetstorm
Core Security Technologies Advisory 2011.0103
2011-02-10 00:00:00
5.7 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.871 High
EPSS
Percentile
98.6%
Related for CVE-2011-5105