CVE-2014-3779

2015-01-0718:00:00

mitre

www.cve.org

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

58.4%

JSON

Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do.

References

packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html

exchange.xforce.ibmcloud.com/vulnerabilities/99612