Exploitation Summary
EIP tracks 2 public exploits for CVE-2012-1049. PoCs published by LiquidWorm.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in ManageEngine ADManager Plus by injecting a malicious script via the 'operation' parameter in a POST request. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.
Description
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp/AddDC.jsp or (2) operation parameter to DomainConfig.do.
Exploits (2)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in ManageEngine ADManager Plus by injecting a malicious script via the 'operation' parameter in a POST request. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in ManageEngine ADManager Plus by injecting a script tag into the domainName parameter of the AddDC.jsp endpoint. The PoC uses a simple alert-based payload to confirm the vulnerability.