QwikSec

Security Database

CVE

CWE

Training

CVE-2015-5150

Published: Jun 30, 2015

Modified: Sep 16, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

exploit

x_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html

x_refsource_MISC

http://www.vulnerability-lab.com/get_content.php?id=1501

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.