CVE-2012-5956

Zohocorp Manageengine Assetexplorer < 5.6 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element.

References (2)

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/571068

[Vendor Advisory] http://www.manageengine.com/products/asset-explorer/sp-readme.html

Scores

EPSS 0.0151

EPSS Percentile 81.0%

Details

CWE

CWE-79

Status published

Products (2)

zohocorp/manageengine_assetexplorer < 5.6

n/a/n/a

Published Dec 11, 2012

Tracked Since Feb 18, 2026