CVSS: 10.0EPSS: 2%CPEs: 101EXPL: 0CVE-2019-3905
https://notcve.org/view.php?id=CVE-2019-3905
03 Jan 2019 — Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. Zoho ManageEngine ADSelfService Plus, en sus versiones 5.x antes del build 5703, tiene Server-Side Request Forgery (SSRF). • https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 116EXPL: 2CVE-2018-20485 – Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20485
26 Dec 2018 — Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. Zoho ManageEngine OpManager 5.7 antes de la build 5702 tiene Cross-Site Scripting (XSS) mediante la característica de búsqueda de empleados. Zoho ManageEngine ADSelfService Plus version 5.7 builds prior to 5702 suffer from multiple cross site scripting vulnerabilities. • https://packetstorm.news/files/id/152793 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •