CVE-2010-3274
Published 2011-02-17
CVE-2010-3274: Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build…
Priority P431 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 21.00% (97.3th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | <= 4.4 | — |
| zohocorp | manageengine_adselfservice_plus | — | — |
GHSA
GHSA-48qf-97ph-fgqc: Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch
ghsa_unreviewed·2022-05-14·CVSS 4.3
CVE-2011-5105 [MEDIUM] CWE-79 GHSA-48qf-97ph-fgqc: Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.
GHSA
GHSA-qh63-cgwm-3qjp: Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch
ghsa_unreviewed·2022-05-14
CVE-2010-3274 [MEDIUM] CWE-79 GHSA-qh63-cgwm-3qjp: Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.
Suricata
ET WEB_SPECIFIC_APPS ZOHO ManageEngine ADSelfService Employee Search XSS Attempt
suricata·2011-06-09
CVE-2010-3274 ET WEB_SPECIFIC_APPS ZOHO ManageEngine ADSelfService Employee Search XSS Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS ZOHO ManageEngine ADSelfService Employee Search XSS Attempt"; flow:established,to_server; http.uri; content:"/EmployeeSearch"; nocase; fast_pattern; content:"actionId="; nocase; content:"searchString="; nocase; pcre:"/^.+(?:script|alert|onmouse[a-z]+|onkey[a-z]+|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange)/Ri"; reference:url,www.coresecurity.com/content/zoho-manageengine-vulnerabilities; reference:cve,2010-3274; classtype:web-application-attack; sid:2012980; rev:3; metadata:created_at 2011_06_09, cve CVE_2010_3274, signature_severity Major, updated_at 2020_04_20;)
References
http://secunia.com/advisories/43241
http://securityreason.com/securityalert/8089
http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities
http://www.osvdb.org/70871
http://www.osvdb.org/70872
http://www.securityfocus.com/archive/1/516396/100/0/threaded
http://www.securityfocus.com/bid/46331
http://www.vupen.com/english/advisories/2011/0392
https://exchange.xforce.ibmcloud.com/vulnerabilities/65349