Vendor: ADSelfService Plus
By: SecurityFocus
CVSS: 8.8 (HIGH)
Security-Bypass and Cross-Site Scripting
CWE: 79
Product Name: ADSelfService Plus
Affected Version From: 4.4
Affected Version To: 4.4
Patch Exists: YES
Related CWE: N/A
CPE: a:manageengine:adselfservice_plus
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012
ManageEngine ADSelfService Plus Multiple Vulnerabilities
ManageEngine ADSelfService Plus is prone to multiple vulnerabilities, including multiple security-bypass and cross-site scripting vulnerabilities. Attackers can exploit these issues to bypass certain security restrictions and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help them steal cookie-based authentication credentials and launch other attacks.
Mitigation:
Ensure that all user-supplied input is validated before being used by the application. Ensure that output is encoded before being returned to the user's browser.