Filtered by vendor Zohocorp Subscriptions
Filtered by product Manageengine Adselfservice Plus Subscriptions
Total 48 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-20664 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 N/A
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
CVE-2018-20485 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 N/A
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.
CVE-2018-20484 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 N/A
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.
CVE-2014-3779 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do.
CVE-2011-5105 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.
CVE-2010-3274 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.
CVE-2010-3273 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 N/A
ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.
CVE-2010-3272 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 N/A
accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action.