CVE-2015-0866 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustomer (2) username or (3) password parameter to HomePage.do.

Reference

http://www.securityfocus.com/archive/1/534564/100/0/threaded http://www.securityfocus.com/bid/72349 https://forums.manageengine.com/topic/security-update-for-supportcenter-plus https://www.htbridge.com/advisory/HTB23247