CVE-2011-5105

Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.

Published: Aug 23, 2012
Updated: Apr 13, 2023
CVE: CVE-2011-5105
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_adselfservice_plus	4.5	4.5.x

http://jameswebb.me/vulns/vrpth-2011-001.txt
http://www.securityfocus.com/archive/1/520562/100/0/threaded
http://www.securityfocus.com/bid/50717
https://exchange.xforce.ibmcloud.com/vulnerabilities/71395

Vulnerability Database

289,784

CVE-2011-5105