Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-37416

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
6.1MEDIUM
EPSS
7.0%
top 8.53%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Zohocorp Manageengine Adselfservice Plus
Timeline
PublishedAug 30
Latest updateMay 24

Description

Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-6xq5-f853-99f3: Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page2022-05-24
CVEList
CVE-2021-37416: Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page2021-08-30

💥Exploits & PoCs

1
Nuclei
Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting
CVE-2021-37416 (MEDIUM CVSS 6.1) | Zoho ManageEngine ADSelfService Plu | cvebase.io