Cross-Site Scripting Vulnerabilities in ManageEngine ADManager Plus by Zoho Corporation
CVE-2012-1049

Currently unrated

Key Information:

Vendor: Manageengine
Status: Admanager Plus
Vendor: CVE Published:; 13 February 2012

What is CVE-2012-1049?

ManageEngine ADManager Plus 5.2 Build 5210 contains multiple vulnerabilities that allow attackers to perform cross-site scripting (XSS). By exploiting these weaknesses, malicious users can inject arbitrary web scripts or HTML through specific parameters in the application's functionalities, such as 'domainName' in the jsp/AddDC.jsp page and 'operation' in the DomainConfig.do endpoint. This can lead to unauthorized actions and data exposure, emphasizing the importance of robust input validation in web applications.

References

http://packetstormsecurity.org/files/109528

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/73039

vdb-entryx_refsource_XF

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-507...

x_refsource_MISC

Timeline

Vulnerability published
Feb 13, 2012
Vulnerability Reserved
Feb 13, 2012

Manageengine

What is CVE-2012-1049?

References

Timeline