Summary
This host is running ManageEngine ServiceDesk Plus and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
This may allow an attacker to steal cookie-based authentications and launch further attacks.
Impact Level: Application
Solution
Upgrade ManageEngine ServiceDesk Plus 8.0 Build 8012 or later, For updates refer to http://www.manageengine.com/
Insight
The flaw is due to an input validation error in 'SolutionSearch.do' when handling search action via a 'searchText' parameter.
Affected
ManageEngine ServiceDesk Plus 8.0 Build 8011 and prior.
References
Severity
Classification
-
CVE CVE-2011-1510 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities