Vulnerabilities > Zohocorp > Manageengine Adselfservice Plus > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-20 | CVE-2021-27956 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field. | 6.1 |
2021-02-19 | CVE-2021-27214 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus 6.0 A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905. | 6.1 |
2019-12-18 | CVE-2019-18781 | Open Redirect vulnerability in Zohocorp Manageengine Adselfservice Plus An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site. | 6.1 |
2019-06-17 | CVE-2019-12476 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Zohocorp Manageengine Adselfservice Plus 4.5/5.0 An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. | 6.8 |
2019-05-24 | CVE-2019-8346 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. | 6.1 |
2019-04-25 | CVE-2019-11511 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7 Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API. | 6.1 |
2018-12-26 | CVE-2018-20485 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. | 6.1 |
2018-12-26 | CVE-2018-20484 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7 Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation. | 6.1 |