CVE-2015-5061: XSS
First published: Wed Jun 24 2015(Updated: )
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ManageEngine AssetExplorer | =6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-5061?
CVE-2015-5061 has a medium severity rating due to its ability to allow unauthorized script execution.
How do I fix CVE-2015-5061?
To mitigate CVE-2015-5061, upgrade to the latest version of Zoho ManageEngine AssetExplorer beyond version 6.1.
Who is affected by CVE-2015-5061?
CVE-2015-5061 affects remote authenticated users with permissions to add new vendors in Zoho ManageEngine AssetExplorer 6.1 and earlier.
What kind of attacks can CVE-2015-5061 enable?
CVE-2015-5061 can facilitate cross-site scripting (XSS) attacks by injecting arbitrary web script or HTML.
What are the consequences of CVE-2015-5061 exploitation?
Exploitation of CVE-2015-5061 can lead to unauthorized access and manipulation of user data in the affected application.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zohocorp
- canonical/manageengine assetexplorer
- version/manageengine assetexplorer/6.1