Lucene search

[email protected]NVD:CVE-2022-24681

HistoryApr 07, 2022 - 10:15 p.m.

CVE-2022-24681

2022-04-0722:15:07

CWE-79

[email protected]

web.nvd.nist.gov

zoho manageengine

xss

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

52.0%

JSON

Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.

Affected configurations

Nvd

Node

zohocorpmanageengine_adselfservice_plusRange<6.1

zohocorpmanageengine_adselfservice_plusMatch6.1-

zohocorpmanageengine_adselfservice_plusMatch6.16100

zohocorpmanageengine_adselfservice_plusMatch6.16101

zohocorpmanageengine_adselfservice_plusMatch6.16102

zohocorpmanageengine_adselfservice_plusMatch6.16103

zohocorpmanageengine_adselfservice_plusMatch6.16104

zohocorpmanageengine_adselfservice_plusMatch6.16105

zohocorpmanageengine_adselfservice_plusMatch6.16106

zohocorpmanageengine_adselfservice_plusMatch6.16107

zohocorpmanageengine_adselfservice_plusMatch6.16108

zohocorpmanageengine_adselfservice_plusMatch6.16109

zohocorpmanageengine_adselfservice_plusMatch6.16110

zohocorpmanageengine_adselfservice_plusMatch6.16111

zohocorpmanageengine_adselfservice_plusMatch6.16112

zohocorpmanageengine_adselfservice_plusMatch6.16113

zohocorpmanageengine_adselfservice_plusMatch6.16114

zohocorpmanageengine_adselfservice_plusMatch6.16115

zohocorpmanageengine_adselfservice_plusMatch6.16116

zohocorpmanageengine_adselfservice_plusMatch6.16117

zohocorpmanageengine_adselfservice_plusMatch6.16118

zohocorpmanageengine_adselfservice_plusMatch6.16119

zohocorpmanageengine_adselfservice_plusMatch6.16120

VendorProductVersionCPE
zohocorpmanageengine_adselfservice_plus*cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus6.1cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus6.1cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus6.1cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus6.1cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus6.1cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus6.1cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus6.1cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus6.1cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus6.1cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_adselfservice_plus	*	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus::::::::
zohocorp	manageengine_adselfservice_plus	6.1	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-::::::
zohocorp	manageengine_adselfservice_plus	6.1	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100::::::
zohocorp	manageengine_adselfservice_plus	6.1	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101::::::
zohocorp	manageengine_adselfservice_plus	6.1	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102::::::
zohocorp	manageengine_adselfservice_plus	6.1	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103::::::
zohocorp	manageengine_adselfservice_plus	6.1	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104::::::
zohocorp	manageengine_adselfservice_plus	6.1	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105::::::
zohocorp	manageengine_adselfservice_plus	6.1	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106::::::
zohocorp	manageengine_adselfservice_plus	6.1	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107::::::

Rows per page:

1-10 of 231

References

manageengine.com

raxis.com/blog/cve-2022-24681

www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

52.0%

JSON

Related for NVD:CVE-2022-24681

cvelist1 nessus1 prion1 nuclei1 cve1