National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:zohocorp:manageengine_adselfservice_plus:4.5:4520
There are 4 matching records.
Vuln ID Summary CVSS Severity
CVE-2019-12476

An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboard input.

Published: June 17, 2019; 02:15:10 PM -04:00
V3.0: 6.8 MEDIUM
    V2: 7.2 HIGH
CVE-2018-20485

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.

Published: December 26, 2018; 01:29:00 PM -05:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2014-3779

Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do.

Published: January 07, 2015; 01:59:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2011-5105

Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.

Published: August 23, 2012; 04:55:02 PM -04:00
    V2: 4.3 MEDIUM