Cross-Site Scripting (XSS) Vulnerability in Zoho ManageEngine ADSelfService Plus 5.x through 5704
CVE-2019-8346 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token.
Learn more about our User Device Pen Test.