CVE-2015-0866: XSS
First published: Mon Feb 02 2015(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ManageEngine SupportCenter Plus | <=7.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0866?
CVE-2015-0866 is rated as a medium severity vulnerability due to its potential impact on user data and web application integrity.
How do I fix CVE-2015-0866?
To fix CVE-2015-0866, it is recommended to upgrade Zoho ManageEngine SupportCenter Plus to version 7.9 hotfix 7941 or later.
What types of attacks are possible with CVE-2015-0866?
CVE-2015-0866 allows for cross-site scripting (XSS) attacks, which can enable remote attackers to inject malicious scripts into web pages viewed by users.
Which versions of ManageEngine SupportCenter Plus are affected by CVE-2015-0866?
CVE-2015-0866 affects all versions of Zoho ManageEngine SupportCenter Plus prior to hotfix 7941.
What parameters are involved in the CVE-2015-0866 vulnerability?
CVE-2015-0866 involves vulnerabilities through the parameters fromCustomer, username, and password in HomePage.do.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zohocorp
- canonical/manageengine supportcenter plus
- version/manageengine supportcenter plus/7.9