CVE-2018-20484 – Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20484
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation. Zoho ManageEngine ADSelfService Plus version 5.7 builds prior to 5702 suffer from multiple cross site scripting vulnerabilities.
• https://www.exploit-db.com/exploits/46815
• http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html
• https://www.manageengine.com/products/self-service-password/release-notes.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-20485 – Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20485
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. Zoho ManageEngine ADSelfService Plus version 5.7 builds prior to 5702 suffer from multiple cross site scripting vulnerabilities.
• https://www.exploit-db.com/exploits/46815
• http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html
• https://www.manageengine.com/products/self-service-password/release-notes.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3779 – ADSelfservice Plus 5.1 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-3779
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do. AdSelfservice Plus version 5.1 suffers from a cross site scripting vulnerability.
• http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/99612
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-5105 – ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5105
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.
• https://www.exploit-db.com/exploits/36316
• http://jameswebb.me/vulns/vrpth-2011-001.txt
• http://www.securityfocus.com/archive/1/520562/100/0/threaded
• http://www.securityfocus.com/bid/50717
• https://exchange.xforce.ibmcloud.com/vulnerabilities/71395
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-3274 – ManageEngine ADSelfService Plus 4.4 - 'EmployeeSearch.cc' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-3274
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.
• https://www.exploit-db.com/exploits/35331
• http://secunia.com/advisories/43241
• http://securityreason.com/securityalert/8089
• http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities
• http://www.osvdb.org/70871
• http://www.osvdb.org/70872
• http://www.securityfocus.com/archive/1/516396/100/0/threaded
• http://www.securityfocus.com/bid/46331
• http://www.vupen.com/english/advisories/2011/0392
• https://exchange.xforce.ibmcloud.com/vulnerabilities/65349
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')