CVE-2010-3274

Name of the Vulnerable Software and Affected Versions ZOHO ManageEngine ADSelfService Plus versions prior to 4.5 Build 4500

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Employee Search Engine of ZOHO ManageEngine ADSelfService Plus. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in specific actions, including showList and Search actions.

Recommendations For versions prior to 4.5 Build 4500, update to version 4.5 Build 4500 or later to resolve the issue. As a temporary workaround, consider restricting access to the Employee Search Engine or avoiding the use of the searchString parameter in the affected actions until the update is applied.