ManageEngine AssetExplorer < 5.6.0 Build 5614 XML Asset Data XSS

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by a cross-site scripting

Description :

The version of ManageEngine AssetExplorer running on the remote host
is prior to 5.6.0 build 5614. It is, therefore, affected by a
cross-site scripting vulnerability in WsDiscoveryServlet due to
improper validation of certain XML asset data before returning it to
users. An unauthenticated, remote attacker can exploit this, via a
specially crafted request, to execute arbitrary script code in the
user's browser session.

See also :

Solution :

Upgrade ManageEngine AssetExplorer to version 5.6.0 build 5614 or

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 63694

Bugtraq ID: 56835

CVE ID: CVE-2012-5956