PT-2023-4103 · Zoho · Zoho Manageengine Adaudit Plus
Publicado
2023-07-07
·
Atualizado
2023-07-12
·
CVE-2023-37308
CVSS v2.0
5.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine ADAudit Plus versions prior to 7100
Description
The issue is related to a lack of protection in the web page structure of Zoho ManageEngine ADAudit Plus, allowing for a remote attacker to conduct a cross-site scripting (XSS) attack via the
username field.Recommendations
For versions prior to 7100, update to version 7100 or later to resolve the issue. As a temporary workaround, consider restricting input for the
username field to minimize the risk of exploitation.Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Zoho Manageengine Adaudit Plus