CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2670
https://notcve.org/view.php?id=CVE-2014-2670
Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344. Vulnerabilidad de XSS en Properties.do en ZOHO ManageEngine OpStor anterior a build 8500 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través del parámetro name, una vulnerabilidad diferente a CVE-2014-0344. • http://www.kb.cert.org/vuls/id/140886 http://www.securityfocus.com/bid/66499 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2012-5956
https://notcve.org/view.php?id=CVE-2012-5956
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en ManageEngine AssetExplorer v5.6 antes de service pack 5614 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de campos de datos de activos XML para discoveryServlet/WsDiscoveryServlet, como lo demuestra el elemento DocRoot/Computer_Information/output. • http://www.kb.cert.org/vuls/id/571068 http://www.manageengine.com/products/asset-explorer/sp-readme.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 3%CPEs: 1EXPL: 3CVE-2011-5105 – ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5105
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en EmployeeSearch.cc en ZOHO ManageEngine ADSelfService Plus v4.5 Build 4521 permite a atacantes remotos inyectar código web o HTML arbitrario a través de los parámetros (1) searchType y (2) searchString, una vulnerabilidad diferente de CVE-2010-3274. • https://www.exploit-db.com/exploits/36316 http://jameswebb.me/vulns/vrpth-2011-001.txt http://www.securityfocus.com/archive/1/520562/100/0/threaded http://www.securityfocus.com/bid/50717 https://exchange.xforce.ibmcloud.com/vulnerabilities/71395 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5050
https://notcve.org/view.php?id=CVE-2010-5050
Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en jsp/admin/tools/remote_share.jsp en ManageEngine ADManager Plus v4.4.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro computerName. NOTA: El origen de esta información es desconocido; los detalles han sido obtenidos de una fuente de información de terceros. • http://osvdb.org/64857 http://secunia.com/advisories/39901 http://www.securityfocus.com/bid/40355 https://exchange.xforce.ibmcloud.com/vulnerabilities/58860 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 87%CPEs: 1EXPL: 5CVE-2010-3274 – ManageEngine ADSelfService Plus 4.4 - 'EmployeeSearch.cc' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-3274
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en EmployeeSearch.cc en el Employee Search Engine en ZOHO ManageEngine ADSelfService Plus anterior a v4.5 Build 4500 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro searchString en la acción (1) showList o (2) Search. • https://www.exploit-db.com/exploits/35331 http://secunia.com/advisories/43241 http://securityreason.com/securityalert/8089 http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities http://www.osvdb.org/70871 http://www.osvdb.org/70872 http://www.securityfocus.com/archive/1/516396/100/0/threaded http://www.securityfocus.com/bid/46331 http://www.vupen.com/english/advisories/2011/0392 https://exchange.xforce.ibmcloud.com/vulnerabilities/65349 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •