ZOHO ManageEngine ADSelfService Plus是美国卓豪(ZOHO)公司的一套基于Web的终端用户密码管理软件。
ZOHO ManageEngine ADSelfService Plus 5.7 build 5702之前版本中自动更新部署的实现存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://www.manageengine.com/products/self-service-password/release-notes.html
来源:MISC
链接:http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html
来源:MISC
链接:https://www.manageengine.com/products/self-service-password/release-notes.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html
来源:www.exploit-db.com
链接:https://www.exploit-db.com/exploits/46815
发布时间 Jan 4, 2019
发布时间 Jan 4, 2019
发布时间 Dec 27, 2018
发布时间 Jan 8, 2015
发布时间 Jan 1, 1900
