CVE-2012-5956

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element.
References
Link Resource
http://www.kb.cert.org/vuls/id/571068 Third Party Advisory US Government Resource
http://www.manageengine.com/products/asset-explorer/sp-readme.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:5613:*:*:*:*:*:*

History

No history.

Information

Published : 2012-12-11 12:18

Updated : 2024-02-04 18:16


NVD link : CVE-2012-5956

Mitre link : CVE-2012-5956

CVE.ORG link : CVE-2012-5956


JSON object : View

Products Affected

zohocorp

  • manageengine_assetexplorer
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')