Test ID:	1.3.6.1.4.1.25623.1.0.801983
Category:	Web application abuses
Title:	ManageEngine ServiceDesk Plus 'searchText' XSS Vulnerability
Summary:	ManageEngine ServiceDesk Plus is prone to a cross-site scripting (XSS) vulnerability.
Description:	Summary: ManageEngine ServiceDesk Plus is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw is due to an input validation error in 'SolutionSearch.do' when handling search action via a 'searchText' parameter. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. This may allow an attacker to steal cookie-based authentications and launch further attacks. Affected Software/OS: ManageEngine ServiceDesk Plus 8.0 Build 8011 and prior. Solution: Upgrade ManageEngine ServiceDesk Plus 8.0 Build 8012 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1510 BugTraq ID: 49636 http://www.securityfocus.com/bid/49636 Bugtraq: 20110914 CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus (Google Search) http://www.securityfocus.com/archive/1/519652/100/0/threaded http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp http://securityreason.com/securityalert/8385 XForce ISS Database: servicedesk-solutionsearch-xss(69840) https://exchange.xforce.ibmcloud.com/vulnerabilities/69840
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.