Description
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Core Security · textwebappsphp
https://www.exploit-db.com/exploits/35331
References (9)
Core 9
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43241
Exploit vdb-entry
x_refsource_osvdb
http://www.osvdb.org/70872
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0392
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516396/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8089
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65349
Exploit vdb-entry
x_refsource_osvdb
http://www.osvdb.org/70871
Exploit x_refsource_misc
http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46331
Scores
EPSS
0.1433
EPSS Percentile
94.4%
Details
CWE
CWE-79
Status
published
Products (1)
zohocorp/manageengine_adselfservice_plus
< 4.4
Published
Feb 17, 2011
Tracked Since
Feb 18, 2026