Test ID:	1.3.6.1.4.1.25623.1.0.805707
Category:	Web application abuses
Title:	ZOHO ManageEngine AssetExplorer Multiple Cross Site Scripting Vulnerabilities
Summary:	ManageEngine AssetExplorer is prone to multiple cross site scripting vulnerabilities.
Description:	Summary: ManageEngine AssetExplorer is prone to multiple cross site scripting vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - The 'VendorDef.do' script does not validate input to vendor name field before returning it to users. - Publisher registry entry script does not validate input before returning it to users. Vulnerability Impact: Successful exploitation will allow remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: ManageEngine AssetExplorer version 6.1.12 (Build 6112) and prior. Solution: Upgrade to ManageEngine AssetExplorer version 6.1.13 (Build 6113) or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5061 BugTraq ID: 75411 http://www.securityfocus.com/bid/75411 http://www.vulnerability-lab.com/get_content.php?id=1488 https://packetstormsecurity.com/files/132402/ManageEngine-Asset-Explorer-6.1-Cross-Site-Scripting.html Common Vulnerability Exposure (CVE) ID: CVE-2015-2169 BugTraq ID: 75389 http://www.securityfocus.com/bid/75389 https://www.exploit-db.com/exploits/37395/ http://seclists.org/fulldisclosure/2015/Jun/74 http://packetstormsecurity.com/files/132433/ManageEngine-Asset-Explorer-6.1-Cross-Site-Scripting.html http://techtootech.blogspot.in/2015/06/found-xss-vulnerability-in-manage.html
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.