CVE-2015-5150

Zohocorp Manageengine Supportcenter Plus - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp.

Exploits (1)

exploitdb WRITEUP

by Vulnerability-Lab · textwebappsmultiple

https://www.exploit-db.com/exploits/37322

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/37322/

Exploit x_refsource_misc

http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html

Exploit x_refsource_misc

http://www.vulnerability-lab.com/get_content.php?id=1501

Scores

EPSS 0.0097

EPSS Percentile 76.7%

Details

CWE

CWE-79

Status published

Products (1)

zohocorp/manageengine_supportcenter_plus 7.90

Published Jun 30, 2015

Tracked Since Feb 18, 2026