This host is running ManageEngine ServiceDesk Plus and is prone to cross site scripting vulnerability.

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. This may allow an attacker to steal cookie-based authentications and launch further attacks. Impact Level: Application

Upgrade ManageEngine ServiceDesk Plus 8.0 Build 8012 or later, For updates refer to http://www.manageengine.com/

The flaw is due to an input validation error in 'SolutionSearch.do' when handling search action via a 'searchText' parameter.

ManageEngine ServiceDesk Plus 8.0 Build 8011 and prior.

• http://packetstormsecurity.org/files/view/105123/CORE-2011-0506.txt
• http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp

---

Updated on 2015-03-25