Zoho · Zoho ManageEngine ADManager Plus · CVE-2017-17552
Name of the Vulnerable Software and Affected Versions:
Zoho ManageEngine AD Manager Plus versions 6590 through 6613
Description:
The `/LoadFrame` endpoint redirects the browser to whatever URL is supplied in its `src` parameter without checking that the target stays on the application's own host (an open redirect). An attacker can therefore craft a link to the trusted ADManager Plus host that lands the victim on an attacker-controlled site, which disguises a malicious URL as a trusted one and can help defeat CSRF protections that rely on the request appearing to come from the trusted host (for example Referer-based checks).
Recommendations:
For versions 6590 through 6613, upgrade to a build later than 6613, the last build listed as affected. Until the upgrade is done, restrict access to the `/LoadFrame` endpoint (for example at a reverse proxy or firewall) to reduce the exposure, and do not rely on the `src` parameter of that endpoint for navigation. When reviewing access logs, treat any request to `/LoadFrame` whose `src` value points to a host other than the ADManager Plus server as a possible exploitation attempt.
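The following is an added example, not code from ADManager Plus or from Zoho, showing the two checks a practitioner would want around an open redirect of this shape: a redirect-target validator that only accepts same-host targets (the kind of check `/LoadFrame` lacked), and a scanner that flags historical requests to `/LoadFrame?src=...` whose target leaves the application. The host name `admanager.example.com`, the function names and the access-log lines are all constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed for this example: the host the application is served from.
APP_HOST = "admanager.example.com"


def is_safe_redirect_target(src: str) -> bool:
    """Return True only if `src` keeps the browser on APP_HOST.

    Accepts absolute paths ('/home.do') and http(s) URLs whose host is
    exactly APP_HOST. Rejects scheme-relative URLs ('//evil.example'),
    backslash variants ('/\\evil.example', which browsers treat like '//'),
    userinfo tricks ('https://admanager.example.com@evil.example'),
    lookalike hosts and non-HTTP schemes such as 'javascript:'.
    """
    if not src or len(src) > 2048:
        return False
    # Browsers normalise '\' to '/', so compare the form the browser will use.
    candidate = src.replace("\\", "/")
    # Control characters and whitespace can smuggle a different URL past parsers.
    if any(ord(c) < 0x21 for c in candidate):
        return False
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return False
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: must be an absolute path, never '//host'.
        return candidate.startswith("/") and not candidate.startswith("//")
    if parts.scheme.lower() not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        return False
    return (parts.hostname or "").lower() == APP_HOST


def resolve_redirect(src: str, default: str = "/home.do") -> str:
    """Hardened replacement for an unchecked redirect: fall back to a fixed
    in-app path whenever the requested target fails validation."""
    return src if is_safe_redirect_target(src) else default


# Constructed common-log-format lines; lines 2 and 3 carry off-host targets.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2018:10:00:00 +0000] "GET /LoadFrame?src=%2Fhome.do HTTP/1.1" 302 -',
    '10.0.0.9 - - [01/Jan/2018:10:00:05 +0000] "GET /LoadFrame?src=https%3A%2F%2Fevil.example%2Flogin HTTP/1.1" 302 -',
    '10.0.0.9 - - [01/Jan/2018:10:00:07 +0000] "GET /LoadFrame?src=%2F%2Fevil.example HTTP/1.1" 302 -',
    '10.0.0.2 - - [01/Jan/2018:10:00:09 +0000] "GET /index.do HTTP/1.1" 200 1234',
]

_REQUEST_RE = re.compile(r'"(?:GET|POST) (/LoadFrame\?[^" ]*)')


def find_suspicious_loadframe_requests(log_lines):
    """Return (line_number, src) for every /LoadFrame request whose decoded
    src parameter would redirect off APP_HOST."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = _REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qs percent-decodes the values, so the check sees the real target.
        for src in parse_qs(query, keep_blank_values=True).get("src", []):
            if not is_safe_redirect_target(src):
                hits.append((number, src))
    return hits


if __name__ == "__main__":
    for target in ["/home.do", "//evil.example/", "https://admanager.example.com@evil.example/"]:
        print(f"{target!r:55} -> {resolve_redirect(target)!r}")
    for number, src in find_suspicious_loadframe_requests(SAMPLE_LOG):
        print(f"log line {number}: off-host redirect to {src!r}")
```

The validator deliberately compares the host name exactly rather than with a suffix match, because a suffix match (`endswith("example.com")`) would accept `admanager.example.com.evil.example` and similar lookalikes; the log scanner reuses the same predicate so that hunting and prevention agree on what counts as an off-host target.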