Lucene search
MitreCVE-2018-20484HistoryDec 26, 2018 - 6:29 p.m.
CVE-2018-20484
2018-12-2618:29:00
CWE-79
mitre
web.nvd.nist.gov
47
cve-2018-20484
zoho
manageengine
adselfservice plus
xss
self-update
layout
nvd
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
51.2%
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.
Affected configurations
Node
zohocorpmanageengine_adselfservice_plusMatch5.74500
ORzohocorpmanageengine_adselfservice_plusMatch5.75032
ORzohocorpmanageengine_adselfservice_plusMatch5.75040
ORzohocorpmanageengine_adselfservice_plusMatch5.75041
ORzohocorpmanageengine_adselfservice_plusMatch5.75100
ORzohocorpmanageengine_adselfservice_plusMatch5.75101
ORzohocorpmanageengine_adselfservice_plusMatch5.75102
ORzohocorpmanageengine_adselfservice_plusMatch5.75103
ORzohocorpmanageengine_adselfservice_plusMatch5.75104
ORzohocorpmanageengine_adselfservice_plusMatch5.75105
ORzohocorpmanageengine_adselfservice_plusMatch5.75106
ORzohocorpmanageengine_adselfservice_plusMatch5.75107
ORzohocorpmanageengine_adselfservice_plusMatch5.75108
ORzohocorpmanageengine_adselfservice_plusMatch5.75109
ORzohocorpmanageengine_adselfservice_plusMatch5.75110
ORzohocorpmanageengine_adselfservice_plusMatch5.75111
ORzohocorpmanageengine_adselfservice_plusMatch5.75112
ORzohocorpmanageengine_adselfservice_plusMatch5.75113
ORzohocorpmanageengine_adselfservice_plusMatch5.75114
ORzohocorpmanageengine_adselfservice_plusMatch5.75115
ORzohocorpmanageengine_adselfservice_plusMatch5.75116
ORzohocorpmanageengine_adselfservice_plusMatch5.75200
ORzohocorpmanageengine_adselfservice_plusMatch5.75201
ORzohocorpmanageengine_adselfservice_plusMatch5.75202
ORzohocorpmanageengine_adselfservice_plusMatch5.75203
ORzohocorpmanageengine_adselfservice_plusMatch5.75204
ORzohocorpmanageengine_adselfservice_plusMatch5.75205
ORzohocorpmanageengine_adselfservice_plusMatch5.75206
ORzohocorpmanageengine_adselfservice_plusMatch5.75207
ORzohocorpmanageengine_adselfservice_plusMatch5.75300
ORzohocorpmanageengine_adselfservice_plusMatch5.75301
ORzohocorpmanageengine_adselfservice_plusMatch5.75302
ORzohocorpmanageengine_adselfservice_plusMatch5.75303
ORzohocorpmanageengine_adselfservice_plusMatch5.75304
ORzohocorpmanageengine_adselfservice_plusMatch5.75305
ORzohocorpmanageengine_adselfservice_plusMatch5.75306
ORzohocorpmanageengine_adselfservice_plusMatch5.75307
ORzohocorpmanageengine_adselfservice_plusMatch5.75308
ORzohocorpmanageengine_adselfservice_plusMatch5.75309
ORzohocorpmanageengine_adselfservice_plusMatch5.75310
ORzohocorpmanageengine_adselfservice_plusMatch5.75311
ORzohocorpmanageengine_adselfservice_plusMatch5.75312
ORzohocorpmanageengine_adselfservice_plusMatch5.75313
ORzohocorpmanageengine_adselfservice_plusMatch5.75314
ORzohocorpmanageengine_adselfservice_plusMatch5.75315
ORzohocorpmanageengine_adselfservice_plusMatch5.75316
ORzohocorpmanageengine_adselfservice_plusMatch5.75317
ORzohocorpmanageengine_adselfservice_plusMatch5.75318
ORzohocorpmanageengine_adselfservice_plusMatch5.75319
ORzohocorpmanageengine_adselfservice_plusMatch5.75320
ORzohocorpmanageengine_adselfservice_plusMatch5.75321
ORzohocorpmanageengine_adselfservice_plusMatch5.75322
ORzohocorpmanageengine_adselfservice_plusMatch5.75323
ORzohocorpmanageengine_adselfservice_plusMatch5.75324
ORzohocorpmanageengine_adselfservice_plusMatch5.75325
ORzohocorpmanageengine_adselfservice_plusMatch5.75326
ORzohocorpmanageengine_adselfservice_plusMatch5.75327
ORzohocorpmanageengine_adselfservice_plusMatch5.75328
ORzohocorpmanageengine_adselfservice_plusMatch5.75329
ORzohocorpmanageengine_adselfservice_plusMatch5.75330
ORzohocorpmanageengine_adselfservice_plusMatch5.75400
ORzohocorpmanageengine_adselfservice_plusMatch5.75500
ORzohocorpmanageengine_adselfservice_plusMatch5.75501
ORzohocorpmanageengine_adselfservice_plusMatch5.75502
ORzohocorpmanageengine_adselfservice_plusMatch5.75503
ORzohocorpmanageengine_adselfservice_plusMatch5.75504
ORzohocorpmanageengine_adselfservice_plusMatch5.75505
ORzohocorpmanageengine_adselfservice_plusMatch5.75506
ORzohocorpmanageengine_adselfservice_plusMatch5.75507
ORzohocorpmanageengine_adselfservice_plusMatch5.75508
ORzohocorpmanageengine_adselfservice_plusMatch5.75509
ORzohocorpmanageengine_adselfservice_plusMatch5.75510
ORzohocorpmanageengine_adselfservice_plusMatch5.75511
ORzohocorpmanageengine_adselfservice_plusMatch5.75512
ORzohocorpmanageengine_adselfservice_plusMatch5.75513
ORzohocorpmanageengine_adselfservice_plusMatch5.75514
ORzohocorpmanageengine_adselfservice_plusMatch5.75515
ORzohocorpmanageengine_adselfservice_plusMatch5.75516
ORzohocorpmanageengine_adselfservice_plusMatch5.75517
ORzohocorpmanageengine_adselfservice_plusMatch5.75518
ORzohocorpmanageengine_adselfservice_plusMatch5.75519
ORzohocorpmanageengine_adselfservice_plusMatch5.75520
ORzohocorpmanageengine_adselfservice_plusMatch5.75521
ORzohocorpmanageengine_adselfservice_plusMatch5.75600
ORzohocorpmanageengine_adselfservice_plusMatch5.75601
ORzohocorpmanageengine_adselfservice_plusMatch5.75602
ORzohocorpmanageengine_adselfservice_plusMatch5.75603
ORzohocorpmanageengine_adselfservice_plusMatch5.75604
ORzohocorpmanageengine_adselfservice_plusMatch5.75605
ORzohocorpmanageengine_adselfservice_plusMatch5.75606
ORzohocorpmanageengine_adselfservice_plusMatch5.75700
ORzohocorpmanageengine_adselfservice_plusMatch5.75701
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:4500:*:*:*:*:*:* |
| zohocorp | manageengine_adselfservice_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5032:*:*:*:*:*:* |
| zohocorp | manageengine_adselfservice_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5040:*:*:*:*:*:* |
| zohocorp | manageengine_adselfservice_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5041:*:*:*:*:*:* |
| zohocorp | manageengine_adselfservice_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5100:*:*:*:*:*:* |
| zohocorp | manageengine_adselfservice_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5101:*:*:*:*:*:* |
| zohocorp | manageengine_adselfservice_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5102:*:*:*:*:*:* |
| zohocorp | manageengine_adselfservice_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5103:*:*:*:*:*:* |
| zohocorp | manageengine_adselfservice_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5104:*:*:*:*:*:* |
| zohocorp | manageengine_adselfservice_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5105:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2018-20484
2018-12-26 18:00:00
prion
prion
Information disclosure
2018-12-26 18:29:00
nvd
nvd
CVE-2018-20484
2018-12-26 18:29:00
exploitdb
exploitdb
zdt
zdt
exploitpack
exploitpack
Zoho ManageEngine ADSelfService Plus 5.7 5702 build - Cross-Site Scripting
2019-05-09 00:00:00
packetstorm
packetstorm
Zoho ManageEngine ADSelfService Plus 5.7 Cross Site Scripting
2019-05-09 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
51.2%
Related for CVE-2018-20484