CVE-2011-5105
ManageEngine ADSelfService Plus 4.5 Build 4521 - Cross-Site Scripting via EmployeeSearch.cc Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2011-5105. PoCs published by James webb.
AI-analyzed exploit summary The exploit demonstrates a cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus by injecting malicious JavaScript via the 'searchString' parameter. The PoC includes both double-quote and single-quote string termination techniques to bypass input sanitization.
Description
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.
Exploits (1)
The exploit demonstrates a cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus by injecting malicious JavaScript via the 'searchString' parameter. The PoC includes both double-quote and single-quote string termination techniques to bypass input sanitization.