Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.
Published August 30, 2021.
Zohocorp Manageengine Adselfservice Plus