Cross-Site Scripting Vulnerability in ManageEngine ServiceDesk Plus
CVE-2011-1510

Currently unrated

Key Information:

Vendor: Manageengine
Status: Servicedesk Plus
Vendor: CVE Published:; 20 September 2011

Summary

The ManageEngine ServiceDesk Plus product contains a cross-site scripting (XSS) vulnerability located in the SolutionSearch.do page. This issue arises from improper validation of user inputs through the searchText parameter. Attackers can exploit this vulnerability to inject arbitrary web scripts or HTML content, potentially compromising the security of user sessions and sensitive data. Successful exploitation allows malicious entities to execute scripts in the context of a victim's browser, leading to unauthorized actions and data theft.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/69840

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/49636

vdb-entryx_refsource_BID

http://securityreason.com/securityalert/8385

third-party-advisoryx_refsource_SREASON

Timeline

Vulnerability published
Sep 20, 2011
Vulnerability Reserved
Mar 23, 2011