CVE-2022-24681
Published: 2022-04-07
Priority: P342 | medium | 6.1 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 3.62% (88.1th percentile)
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | < 6.1 | 6.1 |
| zohocorp | manageengine_adselfservice_plus | — | — |
CVSS provenance
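| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |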
No detection rules found.
Nuclei
ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2022-24681 [MEDIUM] ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting
ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens.
Template:

```yaml
id: CVE-2022-24681

info:
  name: ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting
  author: Open-Sec
  severity: medium
  description: |
    ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens.
  impact: |
    Successful exploitation of this vulnerability could lead to the execution of arbitrary scripts or theft of sensitive information.
  remediation: |
    Upgra
```
No writeups or analysis indexed.
2022-04-07
Published