Cross-Site Scripting Vulnerabilities in ManageEngine ADManager Plus by Zoho Corporation
CVE-2012-1049

Currently unrated

Key Information:

Vendor

Manageengine
Status
Admanager Plus
Vendor
CVE Published:
13 February 2012

What is CVE-2012-1049?

ManageEngine ADManager Plus 5.2 Build 5210 contains multiple vulnerabilities that allow attackers to perform cross-site scripting (XSS). By exploiting these weaknesses, malicious users can inject arbitrary web scripts or HTML through specific parameters in the application's functionalities, such as 'domainName' in the jsp/AddDC.jsp page and 'operation' in the DomainConfig.do endpoint. This can lead to unauthorized actions and data exposure, emphasizing the importance of robust input validation in web applications.

References

http://packetstormsecurity.org/files/109528
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/73039
vdb-entryx_refsource_XF
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-507...
x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.