How to Buy
This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.
A web application running on the remote web server is affected by
multiple cross-site scripting vulnerabilities.
The instance of ManageEngine ADSelfService Plus running on the remote
web server is affected by multiple cross-site scripting
vulnerabilities in the EmployeeSearch.cc script due to improper
sanitization of user-supplied input to the 'searchString',
'searchType' and 'actionID' parameters. An unauthenticated, remote
attacker can exploit these vulnerabilities, via a specially crafted
URL, to execute arbitrary script code in a user's browser session.
See also :
There is currently no patch available from the vendor.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 57049 ()
Bugtraq ID: 4633150717
CVE ID: CVE-2010-3274CVE-2011-5105
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.