Cross-Site Scripting Vulnerabilities in ManageEngine AssetExplorer 5.6
CVE-2012-5956

Currently unrated

Key Information:

Vendor: Zohocorp
Status: Manageengine Assetexplorer
Vendor: CVE Published:; 11 December 2012

What is CVE-2012-5956?

ManageEngine AssetExplorer 5.6 is impacted by multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web scripts or HTML. These risks stem from inadequate validation of user-supplied data in XML asset fields associated with the discoveryServlet/WsDiscoveryServlet. Attackers can exploit these vulnerabilities to manipulate the UI or execute malicious scripts in the context of authenticated users, potentially leading to data exposure or unauthorized actions.

References

http://www.manageengine.com/products/asset-explorer/sp-re...

x_refsource_CONFIRM

http://www.kb.cert.org/vuls/id/571068

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 11, 2012

Zohocorp

What is CVE-2012-5956?

References

Timeline