PT-2023-4103 · Zoho · Zoho Manageengine Adaudit Plus
Published 2023-07-07 · Updated 2023-07-12
CVE-2023-37308
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine ADAudit Plus versions prior to 7100
Description
The issue is related to a lack of protection in the web page structure of Zoho ManageEngine ADAudit Plus, allowing a remote attacker to conduct a cross-site scripting (XSS) attack via the username field.
Recommendations
For versions prior to 7100, update to version 7100 or later to resolve the issue. As a temporary workaround, consider restricting input for the username field to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Zoho Manageengine Adaudit Plus