CVE-2010-3274

Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.
Configurations

Configuration 1 (hide)

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-02-17 18:00

Updated : 2024-02-04 17:54


NVD link : CVE-2010-3274

Mitre link : CVE-2010-3274

CVE.ORG link : CVE-2010-3274


JSON object : View

Products Affected

zohocorp

  • manageengine_adselfservice_plus
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')