Unrated severityNVD Advisory· Published May 24, 2019· Updated Aug 4, 2024
CVE-2019-8346
CVE-2019-8346
Description
In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Zoho/ManageEngine ADSelfService Plusdescription
- Range: 5.x through 5704
Patches
Vulnerability mechanics
References
1- www.manageengine.com/products/self-service-password/release-notes.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.