CVE-2018-20485

Published: 26/12/2018 Updated: 10/05/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.

Vulnerable Product

zohocorp manageengine adselfservice plus 4.5

zohocorp manageengine adselfservice plus 5.0

zohocorp manageengine adselfservice plus 5.1

zohocorp manageengine adselfservice plus 5.2

zohocorp manageengine adselfservice plus 5.3

zohocorp manageengine adselfservice plus 5.5

zohocorp manageengine adselfservice plus 5.6

zohocorp manageengine adselfservice plus 5.7

zohocorp manageengine adselfservice plus 5.4

Exploits

[+] Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Multiple Cross-Site Scripting
[+] Author: Ibrahim Raafat
[+] Twitter: twitter.com/RaafatSEC
[+] Download: www.manageengine.com/products/self-service-password/download-free.html?
[+] TimeLine
[-] Nov 23, 2018 Reported
[-] Nov 26, 2018 Triaged
[-] Dec 27, 2018 Fixed ...

Zoho ManageEngine ADSelfService Plus version 5.7 builds prior to 5702 suffer from multiple cross-site scripting vulnerabilities ...