In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zohocorp manageengine adselfservice plus 5.0 |
||
zohocorp manageengine adselfservice plus 5.1 |
||
zohocorp manageengine adselfservice plus 5.2 |
||
zohocorp manageengine adselfservice plus 5.3 |
||
zohocorp manageengine adselfservice plus 5.4 |
||
zohocorp manageengine adselfservice plus 5.5 |
||
zohocorp manageengine adselfservice plus 5.7 |
||
zohocorp manageengine adselfservice plus 5.6 |