This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.
A web application running on the remote web server is affected by
multiple cross-site scripting vulnerabilities.
The instance of ManageEngine ADSelfService Plus running on the remote
web server is affected by multiple cross-site scripting
vulnerabilities in the EmployeeSearch.cc script due to improper
sanitization of user-supplied input to the 'searchString',
'searchType' and 'actionID' parameters. An unauthenticated, remote
attacker can exploit these vulnerabilities, via a specially crafted
URL, to execute arbitrary script code in a user's browser session.
See also :
There is currently no patch available from the vendor.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true