Design/Logic Flaw

2019-04-2503:29:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

51.3%

JSON

Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.

CPENameOperatorVersion
manageengine_adselfservice_pluseq5.7 5701
manageengine_adselfservice_pluseq5.7 5700
manageengine_adselfservice_pluseq5.7 5606
manageengine_adselfservice_pluseq5.7 5605
manageengine_adselfservice_pluseq5.7 5604
manageengine_adselfservice_pluseq5.7 5603
manageengine_adselfservice_pluseq5.7 5602
manageengine_adselfservice_pluseq5.7 5601
manageengine_adselfservice_pluseq5.7 5600
manageengine_adselfservice_pluseq5.7 5521

Name	Operator	Version
manageengine_adselfservice_plus	eq	5.7 5701
manageengine_adselfservice_plus	eq	5.7 5700
manageengine_adselfservice_plus	eq	5.7 5606
manageengine_adselfservice_plus	eq	5.7 5605
manageengine_adselfservice_plus	eq	5.7 5604
manageengine_adselfservice_plus	eq	5.7 5603
manageengine_adselfservice_plus	eq	5.7 5602
manageengine_adselfservice_plus	eq	5.7 5601
manageengine_adselfservice_plus	eq	5.7 5600
manageengine_adselfservice_plus	eq	5.7 5521