cbcvebase.
CVE-2015-5150
published 2015-06-30

CVE-2015-5150: Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web…

PriorityP420low3.5CVSS 2.0
AVNACMAuSCNIPAN
EXPLOIT
EPSS
4.26%
89.8th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp.

Affected

1 ranges
VendorProductVersion rangeFixed in
zohocorpmanageengine_supportcenter_plus
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.