CVE-2015-2169

ManageEngine AssetExplorer 6.1 - Cross-Site Scripting via Publisher Registry Entry

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2169. PoCs published by Suraj Krishnaswami.

AI-analyzed exploit summary This is a writeup describing a persistent XSS vulnerability in ManageEngine Asset Explorer v6.1. The vulnerability allows execution of arbitrary JavaScript code by injecting a malicious script into the 'Publisher' field of a Windows registry entry, which is then executed when viewed in the software's interface.

Description

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned.

Exploits (1)

exploitdb WRITEUP
by Suraj Krishnaswami · textwebappswindows
https://www.exploit-db.com/exploits/37395

This is a writeup describing a persistent XSS vulnerability in ManageEngine Asset Explorer v6.1. The vulnerability allows execution of arbitrary JavaScript code by injecting a malicious script into the 'Publisher' field of a Windows registry entry, which is then executed when viewed in the software's interface.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: ManageEngine Asset Explorer v6.1.0 (Build 6112)
Auth required
Prerequisites: Access to modify Windows registry on a scanned endpoint · Valid credentials to log in to ManageEngine Asset Explorer
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37395/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75389
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jun/74

Scores

EPSS 0.0774
EPSS Percentile 93.9%

Details

CWE
CWE-79
Status published
Products (1)
zohocorp/manageengine_assetexplorer 6.1
Published Jun 24, 2015
Tracked Since Feb 18, 2026