medium
6.1
CWE
79
Advisory Published
Updated

CVE-2019-11511: XSS

First published: Thu Apr 25 2019(Updated: )

Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
ADSelfService Plus=5.7-4500
ADSelfService Plus=5.7-5032
ADSelfService Plus=5.7-5040
ADSelfService Plus=5.7-5041
ADSelfService Plus=5.7-5100
ADSelfService Plus=5.7-5101
ADSelfService Plus=5.7-5102
ADSelfService Plus=5.7-5103
ADSelfService Plus=5.7-5104
ADSelfService Plus=5.7-5105
ADSelfService Plus=5.7-5106
ADSelfService Plus=5.7-5107
ADSelfService Plus=5.7-5108
ADSelfService Plus=5.7-5109
ADSelfService Plus=5.7-5110
ADSelfService Plus=5.7-5111
ADSelfService Plus=5.7-5112
ADSelfService Plus=5.7-5113
ADSelfService Plus=5.7-5114
ADSelfService Plus=5.7-5115
ADSelfService Plus=5.7-5116
ADSelfService Plus=5.7-5200
ADSelfService Plus=5.7-5201
ADSelfService Plus=5.7-5202
ADSelfService Plus=5.7-5203
ADSelfService Plus=5.7-5204
ADSelfService Plus=5.7-5205
ADSelfService Plus=5.7-5206
ADSelfService Plus=5.7-5207
ADSelfService Plus=5.7-5300
ADSelfService Plus=5.7-5301
ADSelfService Plus=5.7-5302
ADSelfService Plus=5.7-5303
ADSelfService Plus=5.7-5304
ADSelfService Plus=5.7-5305
ADSelfService Plus=5.7-5306
ADSelfService Plus=5.7-5307
ADSelfService Plus=5.7-5308
ADSelfService Plus=5.7-5309
ADSelfService Plus=5.7-5310
ADSelfService Plus=5.7-5311
ADSelfService Plus=5.7-5312
ADSelfService Plus=5.7-5313
ADSelfService Plus=5.7-5314
ADSelfService Plus=5.7-5315
ADSelfService Plus=5.7-5316
ADSelfService Plus=5.7-5317
ADSelfService Plus=5.7-5318
ADSelfService Plus=5.7-5319
ADSelfService Plus=5.7-5320
ADSelfService Plus=5.7-5321
ADSelfService Plus=5.7-5322
ADSelfService Plus=5.7-5323
ADSelfService Plus=5.7-5324
ADSelfService Plus=5.7-5325
ADSelfService Plus=5.7-5326
ADSelfService Plus=5.7-5327
ADSelfService Plus=5.7-5328
ADSelfService Plus=5.7-5329
ADSelfService Plus=5.7-5330
ADSelfService Plus=5.7-5400
ADSelfService Plus=5.7-5500
ADSelfService Plus=5.7-5501
ADSelfService Plus=5.7-5502
ADSelfService Plus=5.7-5503
ADSelfService Plus=5.7-5504
ADSelfService Plus=5.7-5505
ADSelfService Plus=5.7-5506
ADSelfService Plus=5.7-5507
ADSelfService Plus=5.7-5508
ADSelfService Plus=5.7-5509
ADSelfService Plus=5.7-5510
ADSelfService Plus=5.7-5511
ADSelfService Plus=5.7-5512
ADSelfService Plus=5.7-5513
ADSelfService Plus=5.7-5514
ADSelfService Plus=5.7-5515
ADSelfService Plus=5.7-5516
ADSelfService Plus=5.7-5517
ADSelfService Plus=5.7-5518
ADSelfService Plus=5.7-5519
ADSelfService Plus=5.7-5520
ADSelfService Plus=5.7-5521
ADSelfService Plus=5.7-5600
ADSelfService Plus=5.7-5601
ADSelfService Plus=5.7-5602
ADSelfService Plus=5.7-5603
ADSelfService Plus=5.7-5604
ADSelfService Plus=5.7-5605
ADSelfService Plus=5.7-5606
ADSelfService Plus=5.7-5607
ADSelfService Plus=5.7-5700
ADSelfService Plus=5.7-5701
ADSelfService Plus=5.7-5702
ADSelfService Plus=5.7-5703
ADSelfService Plus=5.7-5704
ADSelfService Plus=5.7-5705
ADSelfService Plus=5.7-5706
ADSelfService Plus=5.7-5707

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2019-11511?

    CVE-2019-11511 is classified as a critical vulnerability due to its potential to allow cross-site scripting (XSS) attacks.

  • How do I fix CVE-2019-11511?

    To fix CVE-2019-11511, upgrade to Zoho ManageEngine ADSelfService Plus build 5708 or later.

  • What versions of Zoho ManageEngine ADSelfService Plus are affected by CVE-2019-11511?

    CVE-2019-11511 affects versions of Zoho ManageEngine ADSelfService Plus prior to build 5708.

  • What type of attack does CVE-2019-11511 facilitate?

    CVE-2019-11511 facilitates cross-site scripting (XSS) attacks via the mobile app API.

  • Is there a workaround for CVE-2019-11511 before applying a patch?

    There is no official workaround for CVE-2019-11511, so it is recommended to update to the patched version as soon as possible.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203