CVE-2015-5150

by Fred · 30/06/2015

Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp.

Date published : 2015-06-30

https://www.exploit-db.com/exploits/37322/

http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html

CVE-2015-5150

Related

Recent Posts

Categories

Latest CWE

CVE-2015-5150

Share this:

Related

Recent Posts

Categories

Tags

Latest CWE