Cross-Site Scripting Vulnerability in Zoho ManageEngine AssetExplorer
CVE-2015-2169

Currently unrated

Key Information:

Vendor: Zohocorp
Status: Manageengine Assetexplorer
Vendor: CVE Published:; 24 June 2015

What is CVE-2015-2169?

The Cross-Site Scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 allows remote attackers to exploit the system by injecting arbitrary web scripts or HTML. This occurs via a Publisher registry entry, which is inadequately processed during machine scans, resulting in the potential for unauthorized web manipulation and data exposure.

References

https://www.exploit-db.com/exploits/37395/

exploitx_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/132433/ManageEngine-...

x_refsource_MISC

http://www.securityfocus.com/bid/75389

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2015
Vulnerability Reserved
Mar 1, 2015

Zohocorp

What is CVE-2015-2169?

References

Timeline