In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-24T16:48:36

Updated: 2024-08-04T21:17:30.689Z

Reserved: 2019-02-15T00:00:00

Link: CVE-2019-8346

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-05-24T17:29:06.507

Modified: 2024-11-21T04:49:43.757

Link: CVE-2019-8346

cve-icon Redhat

No data.