CVE-2015-1026: XSS
First published: Wed Mar 11 2015(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText parameter to the Help Desk Roles.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp ManageEngine ADManager Plus | <=6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-1026?
CVE-2015-1026 is rated as a high-severity vulnerability due to its potential for remote exploitation.
How do I fix CVE-2015-1026?
To mitigate CVE-2015-1026, upgrade to ZOHO ManageEngine ADManager Plus version 6.2 Build 6271 or later.
Which versions of ZOHO ManageEngine ADManager Plus are affected by CVE-2015-1026?
CVE-2015-1026 affects ZOHO ManageEngine ADManager Plus versions prior to 6.2 Build 6270.
What type of vulnerability is CVE-2015-1026?
CVE-2015-1026 is classified as a cross-site scripting (XSS) vulnerability.
Can CVE-2015-1026 lead to data breaches?
Yes, CVE-2015-1026 can enable attackers to inject malicious scripts that may compromise sensitive user data.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/zohocorp
- canonical/zohocorp manageengine admanager plus
- version/zohocorp manageengine admanager plus/6.2