Lucene search

PRIOn knowledge basePRION:CVE-2021-27956

HistoryMay 20, 2021 - 6:15 p.m.

Cross site scripting

2021-05-2018:15:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

50.4%

JSON

Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field.

CPENameOperatorVersion
manageengine_adselfservice_pluseq6.1 6100
manageengine_adselfservice_pluseq6.1 6103
manageengine_adselfservice_pluseq6.1
manageengine_adselfservice_pluslt6.1

Name	Operator	Version
manageengine_adselfservice_plus	eq	6.1 6100
manageengine_adselfservice_plus	eq	6.1 6103
manageengine_adselfservice_plus	eq	6.1
manageengine_adselfservice_plus	lt	6.1

References

pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes

raxis.com/blog/cve-2021-27956-manage-engine-xss

www.manageengine.com

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

50.4%

JSON

Related for PRION:CVE-2021-27956

cve1