Vulnerabilities > Zohocorp > Manageengine Adselfservice Plus > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-05-20 CVE-2021-27956 Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field.
network
low complexity
zohocorp CWE-79
6.1
2021-02-19 CVE-2021-27214 Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus 6.0
A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.
network
low complexity
zohocorp CWE-918
6.1
2019-12-18 CVE-2019-18781 Open Redirect vulnerability in Zohocorp Manageengine Adselfservice Plus
An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.
network
low complexity
zohocorp CWE-601
6.1
2019-06-17 CVE-2019-12476 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Zohocorp Manageengine Adselfservice Plus 4.5/5.0
An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser.
low complexity
zohocorp CWE-640
6.8
2019-05-24 CVE-2019-8346 Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus
In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf.
network
low complexity
zohocorp CWE-79
6.1
2019-04-25 CVE-2019-11511 Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.
network
low complexity
zohocorp CWE-79
6.1
2018-12-26 CVE-2018-20485 Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.
network
low complexity
zohocorp CWE-79
6.1
2018-12-26 CVE-2018-20484 Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.
network
low complexity
zohocorp CWE-79
6.1