cvedb.io
CVE-2015-5061
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2015-06-24T14:59:03.313 · Last modified 2026-06-17T00:28:22.787

Summary

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do.

Affected products

zohocorp — manageengine_assetexplorer

Does this affect you?

Add your gear to cvedb and we'll alert you only when zohocorp ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.