CVE-2011-5105: XSS
First published: Thu Aug 23 2012(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ADSelfService Plus | =4.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-5105?
CVE-2011-5105 is classified as a high severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2011-5105?
To fix CVE-2011-5105, upgrade to a patched version of ZOHO ManageEngine ADSelfService Plus or apply any available security patches from the vendor.
What are the affected versions of CVE-2011-5105?
CVE-2011-5105 specifically affects ZOHO ManageEngine ADSelfService Plus version 4.5 Build 4521.
Who can be affected by CVE-2011-5105?
Users of ZOHO ManageEngine ADSelfService Plus that allow untrusted input in the searchType and searchString parameters may be affected by CVE-2011-5105.
What types of attacks can CVE-2011-5105 facilitate?
CVE-2011-5105 can facilitate cross-site scripting attacks, allowing attackers to inject arbitrary web script or HTML into affected web applications.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/zohocorp
- canonical/adselfservice plus
- version/adselfservice plus/4.5