Cross-Site Scripting Vulnerability in ManageEngine SupportCenter Plus
CVE-2008-1432

Currently unrated

Key Information:

Vendor: Manageengine
Status: Supportcenter Plus
Vendor: CVE Published:; 20 March 2008

Summary

A cross-site scripting (XSS) vulnerability exists in the SolutionSearch.do component of ManageEngine SupportCenter Plus 7.0.0. Attackers can exploit this flaw by injecting arbitrary web scripts or HTML code through the 'searchText' parameter, potentially compromising user sessions and executing malicious scripts within the context of the web application. This vulnerability highlights the importance of implementing proper input validation and output encoding to mitigate the risk of XSS attacks.

References

http://secunia.com/advisories/29441

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Mar 20, 2008