CVE-2015-0866
ManageEngine SupportCenter Plus < 7.9 - Cross-Site Scripting via HomePage.do Parameters
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do.
References (4)
Core 4
Core References
Exploit x_refsource_misc
https://www.htbridge.com/advisory/HTB23247
Patch, Vendor Advisory x_refsource_confirm
https://forums.manageengine.com/topic/security-update-for-supportcenter-plus
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/72349
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534564/100/0/threaded
Scores
EPSS
0.0044
EPSS Percentile
63.2%
Details
CWE
CWE-79
Status
published
Products (1)
zohocorp/manageengine_supportcenter_plus
< 7.9
Published
Feb 02, 2015
Tracked Since
Feb 18, 2026