This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.
The remote web server is affected by a cross-site scripting
The version of ManageEngine AssetExplorer running on the remote host
is prior to 5.6.0 build 5614. It is, therefore, affected by a
cross-site scripting vulnerability in WsDiscoveryServlet due to
improper validation of certain XML asset data before returning it to
users. An unauthenticated, remote attacker can exploit this, via a
specially crafted request, to execute arbitrary script code in the
user's browser session.
See also :
Upgrade ManageEngine AssetExplorer to version 5.6.0 build 5614 or
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true