2 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the group subscription process. An attacker can gain unauthorized access to groups that were not intended to be accessible by creating groups with prefixes matching those of whitelisted groups. Remediation A...
ZOHO ManageEngine ADSelfService Plus Cross-Site Scripting Vulnerability (CNVD-2015-00152)
ZOHO ManageEngine ADSelfService Plus is a secure, web-based end-user self-service password reset solution. A cross-site scripting vulnerability in ZOHO ManageEngine ADSelfService Plus prior to 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter in...