CVE-2011-5105 - Vulnerability Details

Vendors	Products
Zohocorp	Manageengine Adselfservice Plus

Link	Providers
http://jameswebb.me/vulns/vrpth-2011-001.txt
http://www.securityfocus.com/archive/1/520562/100/0/threaded
http://www.securityfocus.com/bid/50717
https://exchange.xforce.ibmcloud.com/vulnerabilities/71395

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-11-17T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://jameswebb.me/vulns/vrpth-2011-001.txt"}, {"name": "20111117 Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/520562/100/0/threaded"}, {"name": "manageengine-adselfservice-xss(71395)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71395"}, {"name": "50717", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/50717"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-5105", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://jameswebb.me/vulns/vrpth-2011-001.txt", "refsource": "MISC", "url": "http://jameswebb.me/vulns/vrpth-2011-001.txt"}, {"name": "20111117 Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/520562/100/0/threaded"}, {"name": "manageengine-adselfservice-xss(71395)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71395"}, {"name": "50717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50717"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:23:40.108Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://jameswebb.me/vulns/vrpth-2011-001.txt"}, {"name": "20111117 Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/520562/100/0/threaded"}, {"name": "manageengine-adselfservice-xss(71395)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71395"}, {"name": "50717", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/50717"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-5105", "datePublished": "2012-08-23T20:00:00", "dateReserved": "2012-08-23T00:00:00", "dateUpdated": "2024-08-07T00:23:40.108Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2011-11-17T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-10-09T18:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://jameswebb.me/vulns/vrpth-2011-001.txt (string)

}

1 : { »

name : 20111117 Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://www.securityfocus.com/archive/1/520562/100/0/threaded (string)

}

2 : { »

name : manageengine-adselfservice-xss(71395) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/71395 (string)

}

3 : { »

name : 50717 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/50717 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2011-5105 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://jameswebb.me/vulns/vrpth-2011-001.txt (string)

refsource : MISC (string)

url : http://jameswebb.me/vulns/vrpth-2011-001.txt (string)

}

1 : { »

name : 20111117 Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus (string)

refsource : BUGTRAQ (string)

url : http://www.securityfocus.com/archive/1/520562/100/0/threaded (string)

}

2 : { »

name : manageengine-adselfservice-xss(71395) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/71395 (string)

}

3 : { »

name : 50717 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/50717 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T00:23:40.108Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://jameswebb.me/vulns/vrpth-2011-001.txt (string)

}

1 : { »

name : 20111117 Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/archive/1/520562/100/0/threaded (string)

}

2 : { »

name : manageengine-adselfservice-xss(71395) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/71395 (string)

}

3 : { »

name : 50717 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/50717 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2011-5105 (string)

datePublished : 2012-08-23T20:00:00 (string)

dateReserved : 2012-08-23T00:00:00 (string)

dateUpdated : 2024-08-07T00:23:40.108Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "028A58B1-855D-41F4-9792-4CE4ADE9783E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en EmployeeSearch.cc en ZOHO ManageEngine ADSelfService Plus v4.5 Build 4521 permite a atacantes remotos inyectar c\u00f3digo web o HTML arbitrario a trav\u00e9s de los par\u00e1metros (1)  searchType y (2) searchString, una vulnerabilidad diferente de CVE-2010-3274."}], "id": "CVE-2011-5105", "lastModified": "2024-11-21T01:33:38.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-08-23T20:55:02.267", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://jameswebb.me/vulns/vrpth-2011-001.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/520562/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/50717"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71395"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://jameswebb.me/vulns/vrpth-2011-001.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/520562/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/50717"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71395"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 028A58B1-855D-41F4-9792-4CE4ADE9783E (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274. (string)

}

1 : { »

lang : es (string)

value : Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en EmployeeSearch.cc en ZOHO ManageEngine ADSelfService Plus v4.5 Build 4521 permite a atacantes remotos inyectar código web o HTML arbitrario a través de los parámetros (1) searchType y (2) searchString, una vulnerabilidad diferente de CVE-2010-3274. (string)

}

]

id : CVE-2011-5105 (string)

lastModified : 2024-11-21T01:33:38.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

}

published : 2012-08-23T20:55:02.267 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

]

url : http://jameswebb.me/vulns/vrpth-2011-001.txt (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/archive/1/520562/100/0/threaded (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

]

url : http://www.securityfocus.com/bid/50717 (string)

}

3 : { »

source : cve@mitre.org (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/71395 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

]

url : http://jameswebb.me/vulns/vrpth-2011-001.txt (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/archive/1/520562/100/0/threaded (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

]

url : http://www.securityfocus.com/bid/50717 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/71395 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object