CVE-2015-2169
ManageEngine AssetExplorer 6.1 - Cross-Site Scripting via Publisher Registry Entry
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2015-2169. PoCs published by Suraj Krishnaswami.
AI-analyzed exploit summary This is a writeup describing a persistent XSS vulnerability in ManageEngine Asset Explorer v6.1. The vulnerability allows execution of arbitrary JavaScript code by injecting a malicious script into the 'Publisher' field of a Windows registry entry, which is then executed when viewed in the software's interface.
Description
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned.
Exploits (1)
This is a writeup describing a persistent XSS vulnerability in ManageEngine Asset Explorer v6.1. The vulnerability allows execution of arbitrary JavaScript code by injecting a malicious script into the 'Publisher' field of a Windows registry entry, which is then executed when viewed in the software's interface.