Cross-Site Scripting Vulnerabilities in Zoho ManageEngine SupportCenter Plus
CVE-2015-0866

Currently unrated

Key Information:

Vendor: Zohocorp
Status: Manageengine Supportcenter Plus
Vendor: CVE Published:; 2 February 2015

What is CVE-2015-0866?

Multiple cross-site scripting vulnerabilities exist in Zoho ManageEngine SupportCenter Plus 7.9 prior to hotfix 7941. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML through parameters such as fromCustomer, username, or password in HomePage.do. Successful exploitation could lead to unauthorized actions on behalf of the user, posing significant security risks to applications and sensitive user data.

References

https://www.htbridge.com/advisory/HTB23247

x_refsource_MISC

https://forums.manageengine.com/topic/security-update-for...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/72349

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2015
Vulnerability Reserved
Jan 7, 2015

Zohocorp

What is CVE-2015-0866?

References

Timeline