CVE-2012-5956

Name of the Vulnerable Software and Affected Versions ManageEngine AssetExplorer version 5.6 before service pack 5614

Description The issue allows remote attackers to inject arbitrary web script or HTML via fields in XML asset data. This is achieved by exploiting the discoveryServlet/WsDiscoveryServlet, for example, through the DocRoot/Computer Information/output element.

Recommendations For ManageEngine AssetExplorer version 5.6 before service pack 5614, apply service pack 5614 to resolve the issue. As a temporary workaround, consider restricting access to the discoveryServlet/WsDiscoveryServlet to minimize the risk of exploitation. Avoid using the output element in the XML asset data until the issue is resolved.