ID de Prueba:	1.3.6.1.4.1.25623.1.0.801983
Categoría:	Web application abuses
Título:	ManageEngine ServiceDesk Plus 'searchText' XSS Vulnerability
Resumen:	ManageEngine ServiceDesk Plus is prone to a cross-site scripting (XSS) vulnerability.
Descripción:	Summary: ManageEngine ServiceDesk Plus is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw is due to an input validation error in 'SolutionSearch.do' when handling search action via a 'searchText' parameter. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. This may allow an attacker to steal cookie-based authentications and launch further attacks. Affected Software/OS: ManageEngine ServiceDesk Plus 8.0 Build 8011 and prior. Solution: Upgrade ManageEngine ServiceDesk Plus 8.0 Build 8012 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1510 BugTraq ID: 49636 http://www.securityfocus.com/bid/49636 Bugtraq: 20110914 CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus (Google Search) http://www.securityfocus.com/archive/1/519652/100/0/threaded http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp http://securityreason.com/securityalert/8385 XForce ISS Database: servicedesk-solutionsearch-xss(69840) https://exchange.xforce.ibmcloud.com/vulnerabilities/69840
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.