CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-0866

Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 62.1%

CVSS Severity

CVSS v2 Score 4.3

References

http://www.securityfocus.com/archive/1/534564/100/0/threaded
http://www.securityfocus.com/bid/72349
https://forums.manageengine.com/topic/security-update-for-supportcenter-plus
https://www.htbridge.com/advisory/HTB23247
http://www.securityfocus.com/archive/1/534564/100/0/threaded
http://www.securityfocus.com/bid/72349
https://forums.manageengine.com/topic/security-update-for-supportcenter-plus
https://www.htbridge.com/advisory/HTB23247

Products affected by CVE-2015-0866

Zohocorp » Manageengine Supportcenter Plus » Version: N/A

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:-
Zohocorp » Manageengine Supportcenter Plus » Version: 7.9

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:7.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-0866

Products

Pricing

Contact Us