Cross-Site Scripting Vulnerabilities in Zoho ManageEngine SupportCenter Plus
CVE-2015-5150

Currently unrated

Key Information:

Vendor: Zohocorp
Status: Manageengine Supportcenter Plus
Vendor: CVE Published:; 30 June 2015

What is CVE-2015-5150?

Zoho ManageEngine SupportCenter Plus 7.90 contains multiple cross-site scripting vulnerabilities that enable remote authenticated users to inject arbitrary web scripts or HTML. These vulnerabilities can be exploited through various parameters within specific modules, including the query parameters of the run_query_editor_query module, the compAcct parameter in jsp/ResetADPwd.jsp, and the redirectTo parameter in jsp/CacheScreenWidth.jsp. This could potentially lead to unauthorized actions being performed on behalf of users or exposure of sensitive information.

References

https://www.exploit-db.com/exploits/37322/

exploitx_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/132376/ManageEngine-...

x_refsource_MISC

http://www.vulnerability-lab.com/get_content.php?id=1501

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 30, 2015

Zohocorp

What is CVE-2015-5150?

References

Timeline