Cross-Site Scripting Vulnerability in Zoho ManageEngine AssetExplorer
CVE-2015-5061
Currently unrated
What is CVE-2015-5061?
A Cross-Site Scripting (XSS) vulnerability exists in Zoho ManageEngine AssetExplorer that allows authenticated users who have permission to add new vendors to inject arbitrary web script or HTML. The injection point is the organizationName parameter of the VendorDef.do endpoint, and exploitation can potentially lead to unauthorized actions in the application. Effective mitigation strategies include updating to the latest version and implementing robust input validation to sanitize user-generated content.