CVE-2012-1049 – ManageEngine ADManager Plus 5.2 Build 5210 - 'domainName' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2012-1049

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp/AddDC.jsp or (2) operation parameter to DomainConfig.do. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en ManageEngine ADManager Plus v5.2 Build 5210 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) nombreDominio de jsp / AddDC.jsp o (2) los parámetros de funcionamiento de DomainConfig.do. • https://www.exploit-db.com/exploits/36667 https://www.exploit-db.com/exploits/36666 http://packetstormsecurity.org/files/109528 http://secunia.com/advisories/47887 http://www.securityfocus.com/bid/51893 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5070.php https://exchange.xforce.ibmcloud.com/vulnerabilities/73039 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •