CVE-2012-1049

Name of the Vulnerable Software and Affected Versions ManageEngine ADManager Plus version 5.2 Build 5210

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited via the domainName parameter to "jsp/AddDC.jsp" or the operation parameter to "DomainConfig.do".

Recommendations For ManageEngine ADManager Plus version 5.2 Build 5210, consider restricting access to the "jsp/AddDC.jsp" and "DomainConfig.do" endpoints until a patch is available. As a temporary workaround, avoid using the domainName and operation parameters in the affected API endpoints.