source: https://www.securityfocus.com/bid/51893/info
ManageEngineADManagerPlus is prone tomultiple cross-site scripting vulnerabilities because it fails toproperly sanitize user-supplied input.
An attacker may leverage these issues toexecute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker tosteal cookie-based authentication credentials and launch other attacks.
ManageEngineADManagerPlus5.2Build5210 is vulnerable; prior versions may also be affected.
#2-POST http://www.example.com/DomainConfig.do?methodToCall=save HTTP/1.1-DOMAIN_NAME=test&DOMAIN_CONTROLLER_NAME=testsrv&save=Add&operation="><script>alert('zsl')</script>&reset=
