CVE-2012-5956
ManageEngine AssetExplorer < 5.6 - Cross-Site Scripting via XML Asset Data in DiscoveryServlet
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.manageengine.com/products/asset-explorer/sp-readme.html
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/571068
Scores
EPSS
0.0151
EPSS Percentile
81.4%
Details
CWE
CWE-79
Status
published
Products (1)
zohocorp/manageengine_assetexplorer
< 5.6
Published
Dec 11, 2012
Tracked Since
Feb 18, 2026