Summary
This host is running Zoho ManageEngine Support Center Plus and is prone to multiple cross site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to ManageEngine Support Center Plus 7.9 Upgrade Pack 7908 or later For updates refer to http://www.manageengine.com/products/support-center/
Insight
The flaws are due to inputs passed to the 'Name' and 'E-mail' parameters via 'sd/Request.sd' script is not properly sanitised before being returned to the user.
Affected
ManageEngine Support Center Plus 7.9 Upgrade Pack 7903 and prior
References
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
- Apache Archiva Cross Site Request Forgery Vulnerability
- Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
- Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability