CVE-2015-1026 β Cross-site Scripting in Manageengine Admanager Plus
Severity
4.3MEDIUMNVD
EPSS
0.4%
top 36.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 11
Latest updateMay 14
Description
Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText parameter to the Help Desk Roles.
CVSS vector
AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9