CVE-2019-8346 is a vulnerability in Zoho Corp Manageengine Adselfservice Plus
Published on May 24, 2019

In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token.

NVD

Products Associated with CVE-2019-8346

Want to know whenever a new CVE is published for Zoho Corp Manageengine Adselfservice Plus? stack.watch will email you.

Zoho Corp Manageengine Adselfservice Plus

Exploit Probability

EPSS

3.16%

Percentile

86.68%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-8346 is a vulnerability in Zoho Corp Manageengine Adselfservice PlusPublished on May 24, 2019

Products Associated with CVE-2019-8346

Exploit Probability

CVE-2019-8346 is a vulnerability in Zoho Corp Manageengine Adselfservice Plus
Published on May 24, 2019