CVE-2008-1432 — Cross-site Scripting in Supportcenter Plus

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.3MEDIUMNVD

CNA6.1

EPSS

0.3%

top 47.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Supportcenter Plus

Timeline

PublishedMar 20

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmanageengine/supportcenter_plus7.0.0

🔴Vulnerability Details

GHSA

GHSA-jh9h-c6xc-wp2c: Cross-site scripting (XSS) vulnerability in SolutionSearch↗2022-05-01

▶

CVEList

CVE-2008-1432: Cross-site scripting (XSS) vulnerability in SolutionSearch↗2008-03-20

▶