17 matches found
EUVD-2018-13039
Malware in sbrugna...
Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications + Zoho ManageEngine ADSelfService Plus 5.7 &searchType=contains&searchBy=ALLFIELDS&actionId=Search HTTP/1.1 &adscsrf= 4- Stored XSS in self-...
CVE-2018-12652
A Reflected Cross Site Scripting XSS Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the LeaveEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter...
CVE-2018-20485
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature...
Design/Logic Flaw
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature...
CVE-2018-20485
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature...
CVE-2018-20485
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 is affected by a Cross‑Site Scripting (XSS) vulnerability in the Employee Search feature. The issue originates from an XSS flaw in the employee search handling, enabling injection of arbitrary web script or HTML. Public sources (e.g., exp...
CVE-2018-20485
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature...
Adrenalin HRMS Software Cross-Site Scripting Vulnerability (CNVD-2018-26800)
Adrenalin HRMS Software is a human resource management system from Adrenalin eSystems India. A cross-site scripting vulnerability exists in Adrenalin HRMS Software version 5.4.0, which can be exploited by a remote attacker to execute JavaScript code by sending the 'prntFrmName' or '...
CVE-2018-12651
A Reflected Cross Site Scripting XSS Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the ShiftEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter...
CVE-2018-12650
Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting XSS vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'...
consumerprotectionbc.ca XSS vulnerability
Vulnerable URL: http://www.consumerprotectionbc.ca/businesses-cemetery-and-funeral-home/employee-search?firstname=%22%3E%3Csvg%2Fonload%3Dprompt%28%2FXSSPOSED%2F%29%3Ename=name=businessasname=&Submit.x;=0&Submit.y;=0&submitcheck=1 Details: Description| Value ---|--- Patched:| Yes, at 23.11.2017...
CVE-2011-5105
Multiple cross-site scripting XSS vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the 1 searchType and 2 searchString parameters, a different vulnerability than CVE-2010-3274...
CVE-2010-3274
Multiple cross-site scripting XSS vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a 1 showList or 2 Search action...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a 1 showList or 2 Search action...
CVE-2010-3274
Multiple cross-site scripting XSS vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a 1 showList or 2 Search action...
CVE-2010-3274
Affected product/version: ManageEngine ADSelfService Plus (Zoho) prior to 4.5 Build 4500. Vulnerability type: Cross‑site scripting (XSS) in EmployeeSearch.cc, affecting the search functionality; exploits reflect user input back to the page. Impact/reason: Remote attackers can inject arbitrary scr...