ManageEngine ADSelfService Plus 6.1 - User Enumeration Exploit

Exploit Title: ManageEngine ADSelfService Plus 6.1 - User Enumeration Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/self-service-password/download.html Version: ADSelfService 6.1 Build 6121 Tested Against:...

ManageEngine ADSelfService Plus < build 6121 XSS

According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6121. It is, therefore, affected by a cross-site scripting vulnerability affecting the welcome name attribute on the Reset Password, Unlock Account and User Must...