CVE-2015-5061
ManageEngine AssetExplorer 6.1 SP 6112 - Authenticated Stored XSS via VendorDef.do
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do.
References (3)
Core 3
Core References
Exploit x_refsource_misc
https://packetstormsecurity.com/files/132402/ManageEngine-Asset-Explorer-6.1-Cross-Site-Scripting.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75411
Exploit x_refsource_misc
http://www.vulnerability-lab.com/get_content.php?id=1488
Scores
EPSS
0.0029
EPSS Percentile
52.6%
Details
CWE
CWE-79
Status
published
Products (1)
zohocorp/manageengine_assetexplorer
6.1
Published
Jun 24, 2015
Tracked Since
Feb 18, 2026