CVE-2019-8346: XSS
First published: Fri May 24 2019(Updated: )
In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Adselfservice Plus | =5.0-5000 | |
| Zohocorp Manageengine Adselfservice Plus | =5.0-5001 | |
| Zohocorp Manageengine Adselfservice Plus | =5.0-5002 | |
| Zohocorp Manageengine Adselfservice Plus | =5.0-5010 | |
| Zohocorp Manageengine Adselfservice Plus | =5.0-5011 | |
| Zohocorp Manageengine Adselfservice Plus | =5.0-5020 | |
| Zohocorp Manageengine Adselfservice Plus | =5.0-5021 | |
| Zohocorp Manageengine Adselfservice Plus | =5.0-5022 | |
| Zohocorp Manageengine Adselfservice Plus | =5.0-5030 | |
| Zohocorp Manageengine Adselfservice Plus | =5.0-5032 | |
| Zohocorp Manageengine Adselfservice Plus | =5.0-5040 | |
| Zohocorp Manageengine Adselfservice Plus | =5.0-5041 | |
| Zohocorp Manageengine Adselfservice Plus | =5.1-5100 | |
| Zohocorp Manageengine Adselfservice Plus | =5.1-5101 | |
| Zohocorp Manageengine Adselfservice Plus | =5.1-5102 | |
| Zohocorp Manageengine Adselfservice Plus | =5.1-5103 | |
| Zohocorp Manageengine Adselfservice Plus | =5.1-5104 | |
| Zohocorp Manageengine Adselfservice Plus | =5.1-5105 | |
| Zohocorp Manageengine Adselfservice Plus | =5.1-5106 | |
| Zohocorp Manageengine Adselfservice Plus | =5.1-5107 | |
| Zohocorp Manageengine Adselfservice Plus | =5.1-5108 | |
| Zohocorp Manageengine Adselfservice Plus | =5.1-5109 | |
| Zohocorp Manageengine Adselfservice Plus | =5.1-5110 | |
| Zohocorp Manageengine Adselfservice Plus | =5.1-5111 | |
| Zohocorp Manageengine Adselfservice Plus | =5.1-5112 | |
| Zohocorp Manageengine Adselfservice Plus | =5.1-5113 | |
| Zohocorp Manageengine Adselfservice Plus | =5.1-5114 | |
| Zohocorp Manageengine Adselfservice Plus | =5.1-5115 | |
| Zohocorp Manageengine Adselfservice Plus | =5.2-5200 | |
| Zohocorp Manageengine Adselfservice Plus | =5.2-5201 | |
| Zohocorp Manageengine Adselfservice Plus | =5.2-5202 | |
| Zohocorp Manageengine Adselfservice Plus | =5.2-5203 | |
| Zohocorp Manageengine Adselfservice Plus | =5.2-5204 | |
| Zohocorp Manageengine Adselfservice Plus | =5.2-5205 | |
| Zohocorp Manageengine Adselfservice Plus | =5.2-5206 | |
| Zohocorp Manageengine Adselfservice Plus | =5.2-5207 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5300 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5301 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5302 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5303 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5304 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5305 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5306 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5307 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5308 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5309 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5310 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5311 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5312 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5313 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5314 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5315 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5316 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5317 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5318 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5319 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5320 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5321 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5322 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5323 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5324 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5325 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5326 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5327 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5328 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5329 | |
| Zohocorp Manageengine Adselfservice Plus | =5.3-5330 | |
| Zohocorp Manageengine Adselfservice Plus | =5.4-5400 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5500 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5501 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5502 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5503 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5504 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5505 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5506 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5507 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5508 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5509 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5510 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5511 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5512 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5513 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5514 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5515 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5516 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5517 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5518 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5519 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5520 | |
| Zohocorp Manageengine Adselfservice Plus | =5.5-5521 | |
| Zohocorp Manageengine Adselfservice Plus | =5.6-5600 | |
| Zohocorp Manageengine Adselfservice Plus | =5.6-5601 | |
| Zohocorp Manageengine Adselfservice Plus | =5.6-5602 | |
| Zohocorp Manageengine Adselfservice Plus | =5.6-5603 | |
| Zohocorp Manageengine Adselfservice Plus | =5.6-5604 | |
| Zohocorp Manageengine Adselfservice Plus | =5.6-5605 | |
| Zohocorp Manageengine Adselfservice Plus | =5.6-5606 | |
| Zohocorp Manageengine Adselfservice Plus | =5.6-5607 | |
| Zohocorp Manageengine Adselfservice Plus | =5.7-5702 | |
| Zohocorp Manageengine Adselfservice Plus | =5.7-5704 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/references
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/zohocorp
- canonical/zohocorp manageengine adselfservice plus
- version/zohocorp manageengine adselfservice plus/5.0-5000
- version/zohocorp manageengine adselfservice plus/5.0-5001
- version/zohocorp manageengine adselfservice plus/5.0-5002
- version/zohocorp manageengine adselfservice plus/5.0-5010
- version/zohocorp manageengine adselfservice plus/5.0-5011
- version/zohocorp manageengine adselfservice plus/5.0-5020
- version/zohocorp manageengine adselfservice plus/5.0-5021
- version/zohocorp manageengine adselfservice plus/5.0-5022
- version/zohocorp manageengine adselfservice plus/5.0-5030
- version/zohocorp manageengine adselfservice plus/5.0-5032
- version/zohocorp manageengine adselfservice plus/5.0-5040
- version/zohocorp manageengine adselfservice plus/5.0-5041
- version/zohocorp manageengine adselfservice plus/5.1-5100
- version/zohocorp manageengine adselfservice plus/5.1-5101
- version/zohocorp manageengine adselfservice plus/5.1-5102
- version/zohocorp manageengine adselfservice plus/5.1-5103
- version/zohocorp manageengine adselfservice plus/5.1-5104
- version/zohocorp manageengine adselfservice plus/5.1-5105
- version/zohocorp manageengine adselfservice plus/5.1-5106
- version/zohocorp manageengine adselfservice plus/5.1-5107
- version/zohocorp manageengine adselfservice plus/5.1-5108
- version/zohocorp manageengine adselfservice plus/5.1-5109
- version/zohocorp manageengine adselfservice plus/5.1-5110
- version/zohocorp manageengine adselfservice plus/5.1-5111
- version/zohocorp manageengine adselfservice plus/5.1-5112
- version/zohocorp manageengine adselfservice plus/5.1-5113
- version/zohocorp manageengine adselfservice plus/5.1-5114
- version/zohocorp manageengine adselfservice plus/5.1-5115
- version/zohocorp manageengine adselfservice plus/5.2-5200
- version/zohocorp manageengine adselfservice plus/5.2-5201
- version/zohocorp manageengine adselfservice plus/5.2-5202
- version/zohocorp manageengine adselfservice plus/5.2-5203
- version/zohocorp manageengine adselfservice plus/5.2-5204
- version/zohocorp manageengine adselfservice plus/5.2-5205
- version/zohocorp manageengine adselfservice plus/5.2-5206
- version/zohocorp manageengine adselfservice plus/5.2-5207
- version/zohocorp manageengine adselfservice plus/5.3-5300
- version/zohocorp manageengine adselfservice plus/5.3-5301
- version/zohocorp manageengine adselfservice plus/5.3-5302
- version/zohocorp manageengine adselfservice plus/5.3-5303
- version/zohocorp manageengine adselfservice plus/5.3-5304
- version/zohocorp manageengine adselfservice plus/5.3-5305
- version/zohocorp manageengine adselfservice plus/5.3-5306
- version/zohocorp manageengine adselfservice plus/5.3-5307
- version/zohocorp manageengine adselfservice plus/5.3-5308
- version/zohocorp manageengine adselfservice plus/5.3-5309
- version/zohocorp manageengine adselfservice plus/5.3-5310
- version/zohocorp manageengine adselfservice plus/5.3-5311
- version/zohocorp manageengine adselfservice plus/5.3-5312
- version/zohocorp manageengine adselfservice plus/5.3-5313
- version/zohocorp manageengine adselfservice plus/5.3-5314
- version/zohocorp manageengine adselfservice plus/5.3-5315
- version/zohocorp manageengine adselfservice plus/5.3-5316
- version/zohocorp manageengine adselfservice plus/5.3-5317
- version/zohocorp manageengine adselfservice plus/5.3-5318
- version/zohocorp manageengine adselfservice plus/5.3-5319
- version/zohocorp manageengine adselfservice plus/5.3-5320
- version/zohocorp manageengine adselfservice plus/5.3-5321
- version/zohocorp manageengine adselfservice plus/5.3-5322
- version/zohocorp manageengine adselfservice plus/5.3-5323
- version/zohocorp manageengine adselfservice plus/5.3-5324
- version/zohocorp manageengine adselfservice plus/5.3-5325
- version/zohocorp manageengine adselfservice plus/5.3-5326
- version/zohocorp manageengine adselfservice plus/5.3-5327
- version/zohocorp manageengine adselfservice plus/5.3-5328
- version/zohocorp manageengine adselfservice plus/5.3-5329
- version/zohocorp manageengine adselfservice plus/5.3-5330
- version/zohocorp manageengine adselfservice plus/5.4-5400
- version/zohocorp manageengine adselfservice plus/5.5-5500
- version/zohocorp manageengine adselfservice plus/5.5-5501
- version/zohocorp manageengine adselfservice plus/5.5-5502
- version/zohocorp manageengine adselfservice plus/5.5-5503
- version/zohocorp manageengine adselfservice plus/5.5-5504
- version/zohocorp manageengine adselfservice plus/5.5-5505
- version/zohocorp manageengine adselfservice plus/5.5-5506
- version/zohocorp manageengine adselfservice plus/5.5-5507
- version/zohocorp manageengine adselfservice plus/5.5-5508
- version/zohocorp manageengine adselfservice plus/5.5-5509
- version/zohocorp manageengine adselfservice plus/5.5-5510
- version/zohocorp manageengine adselfservice plus/5.5-5511
- version/zohocorp manageengine adselfservice plus/5.5-5512
- version/zohocorp manageengine adselfservice plus/5.5-5513
- version/zohocorp manageengine adselfservice plus/5.5-5514
- version/zohocorp manageengine adselfservice plus/5.5-5515
- version/zohocorp manageengine adselfservice plus/5.5-5516
- version/zohocorp manageengine adselfservice plus/5.5-5517
- version/zohocorp manageengine adselfservice plus/5.5-5518
- version/zohocorp manageengine adselfservice plus/5.5-5519
- version/zohocorp manageengine adselfservice plus/5.5-5520
- version/zohocorp manageengine adselfservice plus/5.5-5521
- version/zohocorp manageengine adselfservice plus/5.6-5600
- version/zohocorp manageengine adselfservice plus/5.6-5601
- version/zohocorp manageengine adselfservice plus/5.6-5602
- version/zohocorp manageengine adselfservice plus/5.6-5603
- version/zohocorp manageengine adselfservice plus/5.6-5604
- version/zohocorp manageengine adselfservice plus/5.6-5605
- version/zohocorp manageengine adselfservice plus/5.6-5606
- version/zohocorp manageengine adselfservice plus/5.6-5607
- version/zohocorp manageengine adselfservice plus/5.7-5702
- version/zohocorp manageengine adselfservice plus/5.7-5704