Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-5105 — Cross-site Scripting in Manageengine Adselfservice Plus

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

1.0%

top 23.06%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Zohocorp Manageengine Adselfservice Plus

Timeline

PublishedAug 23

Latest updateMay 14

Description

Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_adselfservice_plus4.5

🔴Vulnerability Details

GHSA

GHSA-48qf-97ph-fgqc: Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch↗2022-05-14

▶

CVEList

CVE-2011-5105: Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch↗2012-08-23

▶

💥Exploits & PoCs

Exploit-DB

ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 - Cross-Site Scripting↗2011-11-17

▶