XSS in Zohocorp Manageengine_supportcenter_plus

CVE-2015-5150

Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to Cu…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.010 (77.0th percentile) — read the EPSS interpretation.

Affected products

Zohocorp Manageengine_supportcenter_plus — versions 7.90
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

37322 (Exploit, exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)