CVE-2010-3274

{"id": "CVE-2010-3274", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-02-17T18:00:03.073", "references": [{"url": "http://secunia.com/advisories/43241", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/8089", "source": "cve@mitre.org"}, {"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/70871", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/70872", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/46331", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2011/0392", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65349", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en EmployeeSearch.cc en el Employee Search Engine en ZOHO ManageEngine ADSelfService Plus anterior a v4.5 Build 4500 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro searchString en la acci\u00f3n (1) showList o (2) Search."}], "lastModified": "2018-10-10T20:01:34.990", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40A75087-E063-4DDE-8C0A-296A2F3A29FD", "versionEndIncluding": "4.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}