medium
6.1
CWE
79
Advisory Published
Updated

CVE-2018-20484: XSS

First published: Wed Dec 26 2018(Updated: )

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
ADSelfService Plus=5.7-4500
ADSelfService Plus=5.7-5032
ADSelfService Plus=5.7-5040
ADSelfService Plus=5.7-5041
ADSelfService Plus=5.7-5100
ADSelfService Plus=5.7-5101
ADSelfService Plus=5.7-5102
ADSelfService Plus=5.7-5103
ADSelfService Plus=5.7-5104
ADSelfService Plus=5.7-5105
ADSelfService Plus=5.7-5106
ADSelfService Plus=5.7-5107
ADSelfService Plus=5.7-5108
ADSelfService Plus=5.7-5109
ADSelfService Plus=5.7-5110
ADSelfService Plus=5.7-5111
ADSelfService Plus=5.7-5112
ADSelfService Plus=5.7-5113
ADSelfService Plus=5.7-5114
ADSelfService Plus=5.7-5115
ADSelfService Plus=5.7-5116
ADSelfService Plus=5.7-5200
ADSelfService Plus=5.7-5201
ADSelfService Plus=5.7-5202
ADSelfService Plus=5.7-5203
ADSelfService Plus=5.7-5204
ADSelfService Plus=5.7-5205
ADSelfService Plus=5.7-5206
ADSelfService Plus=5.7-5207
ADSelfService Plus=5.7-5300
ADSelfService Plus=5.7-5301
ADSelfService Plus=5.7-5302
ADSelfService Plus=5.7-5303
ADSelfService Plus=5.7-5304
ADSelfService Plus=5.7-5305
ADSelfService Plus=5.7-5306
ADSelfService Plus=5.7-5307
ADSelfService Plus=5.7-5308
ADSelfService Plus=5.7-5309
ADSelfService Plus=5.7-5310
ADSelfService Plus=5.7-5311
ADSelfService Plus=5.7-5312
ADSelfService Plus=5.7-5313
ADSelfService Plus=5.7-5314
ADSelfService Plus=5.7-5315
ADSelfService Plus=5.7-5316
ADSelfService Plus=5.7-5317
ADSelfService Plus=5.7-5318
ADSelfService Plus=5.7-5319
ADSelfService Plus=5.7-5320
ADSelfService Plus=5.7-5321
ADSelfService Plus=5.7-5322
ADSelfService Plus=5.7-5323
ADSelfService Plus=5.7-5324
ADSelfService Plus=5.7-5325
ADSelfService Plus=5.7-5326
ADSelfService Plus=5.7-5327
ADSelfService Plus=5.7-5328
ADSelfService Plus=5.7-5329
ADSelfService Plus=5.7-5330
ADSelfService Plus=5.7-5400
ADSelfService Plus=5.7-5500
ADSelfService Plus=5.7-5501
ADSelfService Plus=5.7-5502
ADSelfService Plus=5.7-5503
ADSelfService Plus=5.7-5504
ADSelfService Plus=5.7-5505
ADSelfService Plus=5.7-5506
ADSelfService Plus=5.7-5507
ADSelfService Plus=5.7-5508
ADSelfService Plus=5.7-5509
ADSelfService Plus=5.7-5510
ADSelfService Plus=5.7-5511
ADSelfService Plus=5.7-5512
ADSelfService Plus=5.7-5513
ADSelfService Plus=5.7-5514
ADSelfService Plus=5.7-5515
ADSelfService Plus=5.7-5516
ADSelfService Plus=5.7-5517
ADSelfService Plus=5.7-5518
ADSelfService Plus=5.7-5519
ADSelfService Plus=5.7-5520
ADSelfService Plus=5.7-5521
ADSelfService Plus=5.7-5600
ADSelfService Plus=5.7-5601
ADSelfService Plus=5.7-5602
ADSelfService Plus=5.7-5603
ADSelfService Plus=5.7-5604
ADSelfService Plus=5.7-5605
ADSelfService Plus=5.7-5606
ADSelfService Plus=5.7-5700
ADSelfService Plus=5.7-5701

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2018-20484?

    CVE-2018-20484 is classified as a medium severity vulnerability due to its potential for cross-site scripting (XSS) attacks.

  • How do I fix CVE-2018-20484?

    To fix CVE-2018-20484, upgrade Zoho ManageEngine ADSelfService Plus to version 5.7 build 5702 or later.

  • What impact does CVE-2018-20484 have on my system?

    CVE-2018-20484 allows attackers to execute arbitrary JavaScript in the context of the user's browser, potentially compromising user data.

  • Is CVE-2018-20484 being actively exploited?

    There have been reports indicating potential exploitation of CVE-2018-20484, making it crucial to patch affected systems immediately.

  • Which versions of ManageEngine ADSelfService Plus are affected by CVE-2018-20484?

    CVE-2018-20484 affects ManageEngine ADSelfService Plus versions prior to 5.7 build 5702.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203