ManageEngine MSPCentral Multiple Security Vulnerabilities


ManageEngine MSPCentral is prone to the following multiple security vulnerabilities. 1. A cross-site scripting vulnerability 2. An HTML-injection vulnerability 3. A cross-site request-forgery vulnerability


The information has been provided by Cartel.


Vulnerable Systems:
 * ManageEngine MSPCentra

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, or control how the site is rendered to the user. The attacker may also be perform certain unauthorized actions. Other attacks are also possible.

Disclosure Timeline:
Published: December 04 2012

Categories: News