CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15608 – ManageEngine ADManager Plus 6.5.7 - HTML Injection
https://notcve.org/view.php?id=CVE-2018-15608
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen. Zoho ManageEngine ADManager Plus 6.5.7 permite la inyección HTML en la pantalla "Help Desk Technicians" de "AD Delegation". ManageEngine ADManager Plus version 6.5.7 suffers from an html injection vulnerability. • https://www.exploit-db.com/exploits/45254 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 4CVE-2012-1049 – ManageEngine ADManager Plus 5.2 Build 5210 - 'domainName' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-1049
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp/AddDC.jsp or (2) operation parameter to DomainConfig.do. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en ManageEngine ADManager Plus v5.2 Build 5210 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) nombreDominio de jsp / AddDC.jsp o (2) los parámetros de funcionamiento de DomainConfig.do. • https://www.exploit-db.com/exploits/36667 https://www.exploit-db.com/exploits/36666 http://packetstormsecurity.org/files/109528 http://secunia.com/advisories/47887 http://www.securityfocus.com/bid/51893 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5070.php https://exchange.xforce.ibmcloud.com/vulnerabilities/73039 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •