This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.
A web application running on the remote web server is affected by
multiple cross-site scripting vulnerabilities.
The instance of ManageEngine ADSelfService Plus running on the remote
web server is affected by multiple cross-site scripting
vulnerabilities in the EmployeeSearch.cc script due to improper
sanitization of user-supplied input to the 'searchString',
'searchType' and 'actionID' parameters. An unauthenticated, remote
attacker can exploit these vulnerabilities, via a specially crafted
URL, to execute arbitrary script code in a user's browser session.
See also :
There is currently no patch available from the vendor.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 57049
Bugtraq ID: 46331, 50717
CVE ID: CVE-2010-3274, CVE-2011-5105
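
With no vendor patch listed, access logs can be checked for requests to EmployeeSearch.cc whose 'searchString', 'searchType' or 'actionID' values contain anything other than plain text. The Python below is an added example, not part of the Nessus plugin or of the product; the combined log format, the allowlist pattern, the helper names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Script and parameter names as given in the plugin description.
TARGET_SCRIPT = "employeesearch.cc"
WATCHED_PARAMS = {"searchstring", "searchtype", "actionid"}
# Assumption: legitimate values are short plain-text terms or identifiers.
SAFE_VALUE = re.compile(r"[\w .,@-]{0,128}")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return the watched parameters whose decoded value fails the allowlist."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if url.path.lower().rsplit("/", 1)[-1] != TARGET_SCRIPT:
        return []
    hits = set()
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name.lower() in WATCHED_PARAMS and any(
                not SAFE_VALUE.fullmatch(fully_decode(v)) for v in values):
            hits.add(name)
    return sorted(hits)

def scan(lines):
    """Return (line_number, flagged_parameters) for every suspicious request."""
    return [(n, p) for n, p in
            ((i, suspicious_params(l)) for i, l in enumerate(lines, 1)) if p]

# Constructed sample log lines (documentation addresses, made-up values).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2012:10:00:00 +0000] "GET /EmployeeSearch.cc?actionID=Search&searchType=contains&searchString=smith HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2012:10:00:05 +0000] "GET /EmployeeSearch.cc?actionID=Search&searchString=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 640',
    '198.51.100.9 - - [01/Jan/2012:10:00:09 +0000] "GET /EmployeeSearch.cc?searchType=%2522%253E&searchString=a HTTP/1.1" 200 640',
    '198.51.100.3 - - [01/Jan/2012:10:00:11 +0000] "GET /index.html?searchString=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for line_no, params in scan(SAMPLE_LOG):
        print(f"line {line_no}: non-plain-text value in {', '.join(params)}")
```

The same allowlist can be enforced at a reverse proxy in front of the application; tighten or loosen `SAFE_VALUE` to match the values the deployment actually uses.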