3 matches found
Server side request forgery (ssrf)
A Server-side request forgery SSRF vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting XSS attack against the administrative interface via an HTTP...
CVE-2021-27214
CVE-2021-27214 concerns Zoho ManageEngine ADSelfService Plus, where the ProductConfig servlet (through build 6013) is vulnerable to server-side request forgery (SSRF). An unauthenticated remote attacker can trigger blind HTTP requests or, per description, perform a cross-site scripting (XSS) atta...
CVE-2019-3905
CVE-2019-3905 affects Zoho ManageEngine ADSelfService Plus 5.x prior to build 5703. The vulnerability is an SSRF issue in the product, enabling an attacker to trigger server-side requests via crafted input. Public references in the connected documents confirm the issue was fixed by Build 5703 (re...