CVE-2018-20485

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.

CVSS v3 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html
https://www.manageengine.com/products/self-service-password/release-notes.html	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4510::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4511::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4520::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4522::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4531::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4540::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4543::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4544::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4550::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4560::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4570::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4571::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4572::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4580::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4590::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4591::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4592::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607::::::
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702::::::

History

No history.

Information

Published : 2018-12-26 18:29

Updated : 2023-12-10 12:44

NVD link : CVE-2018-20485

Mitre link : CVE-2018-20485

CVE.ORG link : CVE-2018-20485

JSON object : View

Products Affected

zohocorp

manageengine_adselfservice_plus

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2018-20485

6.1^/10

4.3^/10

Attach tags to `CVE-2018-20485`