Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-8346
HistoryMay 24, 2019 - 5:29 p.m.

CVE-2019-8346

2019-05-2417:29:06
CWE-79
[email protected]
web.nvd.nist.gov
43
zoho
manageengine
adselfservice plus
xss
vulnerability
cve-2019-8346
nvd
security

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

49.4%

JSON

In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user’s AD self-service password reset and MFA token.

Affected configurations

NVD
Node
zohocorpmanageengine_adselfservice_plusMatch5.05000
OR
zohocorpmanageengine_adselfservice_plusMatch5.05001
OR
zohocorpmanageengine_adselfservice_plusMatch5.05002
OR
zohocorpmanageengine_adselfservice_plusMatch5.05010
OR
zohocorpmanageengine_adselfservice_plusMatch5.05011
OR
zohocorpmanageengine_adselfservice_plusMatch5.05020
OR
zohocorpmanageengine_adselfservice_plusMatch5.05021
OR
zohocorpmanageengine_adselfservice_plusMatch5.05022
OR
zohocorpmanageengine_adselfservice_plusMatch5.05030
OR
zohocorpmanageengine_adselfservice_plusMatch5.05032
OR
zohocorpmanageengine_adselfservice_plusMatch5.05040
OR
zohocorpmanageengine_adselfservice_plusMatch5.05041
OR
zohocorpmanageengine_adselfservice_plusMatch5.15100
OR
zohocorpmanageengine_adselfservice_plusMatch5.15101
OR
zohocorpmanageengine_adselfservice_plusMatch5.15102
OR
zohocorpmanageengine_adselfservice_plusMatch5.15103
OR
zohocorpmanageengine_adselfservice_plusMatch5.15104
OR
zohocorpmanageengine_adselfservice_plusMatch5.15105
OR
zohocorpmanageengine_adselfservice_plusMatch5.15106
OR
zohocorpmanageengine_adselfservice_plusMatch5.15107
OR
zohocorpmanageengine_adselfservice_plusMatch5.15108
OR
zohocorpmanageengine_adselfservice_plusMatch5.15109
OR
zohocorpmanageengine_adselfservice_plusMatch5.15110
OR
zohocorpmanageengine_adselfservice_plusMatch5.15111
OR
zohocorpmanageengine_adselfservice_plusMatch5.15112
OR
zohocorpmanageengine_adselfservice_plusMatch5.15113
OR
zohocorpmanageengine_adselfservice_plusMatch5.15114
OR
zohocorpmanageengine_adselfservice_plusMatch5.15115
OR
zohocorpmanageengine_adselfservice_plusMatch5.25200
OR
zohocorpmanageengine_adselfservice_plusMatch5.25201
OR
zohocorpmanageengine_adselfservice_plusMatch5.25202
OR
zohocorpmanageengine_adselfservice_plusMatch5.25203
OR
zohocorpmanageengine_adselfservice_plusMatch5.25204
OR
zohocorpmanageengine_adselfservice_plusMatch5.25205
OR
zohocorpmanageengine_adselfservice_plusMatch5.25206
OR
zohocorpmanageengine_adselfservice_plusMatch5.25207
OR
zohocorpmanageengine_adselfservice_plusMatch5.35300
OR
zohocorpmanageengine_adselfservice_plusMatch5.35301
OR
zohocorpmanageengine_adselfservice_plusMatch5.35302
OR
zohocorpmanageengine_adselfservice_plusMatch5.35303
OR
zohocorpmanageengine_adselfservice_plusMatch5.35304
OR
zohocorpmanageengine_adselfservice_plusMatch5.35305
OR
zohocorpmanageengine_adselfservice_plusMatch5.35306
OR
zohocorpmanageengine_adselfservice_plusMatch5.35307
OR
zohocorpmanageengine_adselfservice_plusMatch5.35308
OR
zohocorpmanageengine_adselfservice_plusMatch5.35309
OR
zohocorpmanageengine_adselfservice_plusMatch5.35310
OR
zohocorpmanageengine_adselfservice_plusMatch5.35311
OR
zohocorpmanageengine_adselfservice_plusMatch5.35312
OR
zohocorpmanageengine_adselfservice_plusMatch5.35313
OR
zohocorpmanageengine_adselfservice_plusMatch5.35314
OR
zohocorpmanageengine_adselfservice_plusMatch5.35315
OR
zohocorpmanageengine_adselfservice_plusMatch5.35316
OR
zohocorpmanageengine_adselfservice_plusMatch5.35317
OR
zohocorpmanageengine_adselfservice_plusMatch5.35318
OR
zohocorpmanageengine_adselfservice_plusMatch5.35319
OR
zohocorpmanageengine_adselfservice_plusMatch5.35320
OR
zohocorpmanageengine_adselfservice_plusMatch5.35321
OR
zohocorpmanageengine_adselfservice_plusMatch5.35322
OR
zohocorpmanageengine_adselfservice_plusMatch5.35323
OR
zohocorpmanageengine_adselfservice_plusMatch5.35324
OR
zohocorpmanageengine_adselfservice_plusMatch5.35325
OR
zohocorpmanageengine_adselfservice_plusMatch5.35326
OR
zohocorpmanageengine_adselfservice_plusMatch5.35327
OR
zohocorpmanageengine_adselfservice_plusMatch5.35328
OR
zohocorpmanageengine_adselfservice_plusMatch5.35329
OR
zohocorpmanageengine_adselfservice_plusMatch5.35330
OR
zohocorpmanageengine_adselfservice_plusMatch5.45400
OR
zohocorpmanageengine_adselfservice_plusMatch5.55500
OR
zohocorpmanageengine_adselfservice_plusMatch5.55501
OR
zohocorpmanageengine_adselfservice_plusMatch5.55502
OR
zohocorpmanageengine_adselfservice_plusMatch5.55503
OR
zohocorpmanageengine_adselfservice_plusMatch5.55504
OR
zohocorpmanageengine_adselfservice_plusMatch5.55505
OR
zohocorpmanageengine_adselfservice_plusMatch5.55506
OR
zohocorpmanageengine_adselfservice_plusMatch5.55507
OR
zohocorpmanageengine_adselfservice_plusMatch5.55508
OR
zohocorpmanageengine_adselfservice_plusMatch5.55509
OR
zohocorpmanageengine_adselfservice_plusMatch5.55510
OR
zohocorpmanageengine_adselfservice_plusMatch5.55511
OR
zohocorpmanageengine_adselfservice_plusMatch5.55512
OR
zohocorpmanageengine_adselfservice_plusMatch5.55513
OR
zohocorpmanageengine_adselfservice_plusMatch5.55514
OR
zohocorpmanageengine_adselfservice_plusMatch5.55515
OR
zohocorpmanageengine_adselfservice_plusMatch5.55516
OR
zohocorpmanageengine_adselfservice_plusMatch5.55517
OR
zohocorpmanageengine_adselfservice_plusMatch5.55518
OR
zohocorpmanageengine_adselfservice_plusMatch5.55519
OR
zohocorpmanageengine_adselfservice_plusMatch5.55520
OR
zohocorpmanageengine_adselfservice_plusMatch5.55521
OR
zohocorpmanageengine_adselfservice_plusMatch5.65600
OR
zohocorpmanageengine_adselfservice_plusMatch5.65601
OR
zohocorpmanageengine_adselfservice_plusMatch5.65602
OR
zohocorpmanageengine_adselfservice_plusMatch5.65603
OR
zohocorpmanageengine_adselfservice_plusMatch5.65604
OR
zohocorpmanageengine_adselfservice_plusMatch5.65605
OR
zohocorpmanageengine_adselfservice_plusMatch5.65606
OR
zohocorpmanageengine_adselfservice_plusMatch5.65607
OR
zohocorpmanageengine_adselfservice_plusMatch5.75702
OR
zohocorpmanageengine_adselfservice_plusMatch5.75704

Related

prion 1
nvd 1
cvelist 1
prion
prion
Cross site scripting
2019-05-24 17:29:00
nvd
nvd
CVE-2019-8346
2019-05-24 17:29:06
cvelist
cvelist
CVE-2019-8346
2019-05-24 16:48:36

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

49.4%

JSON
Related for CVE-2019-8346
prion1nvd1cvelist1