6.1
CVE-2018-20485
- EPSS 0.59%
- Published 26.12.2018 18:29:00
- Last modified 21.11.2024 04:01:34
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.
Data is provided by the National Vulnerability Database (NVD)
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4510
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4511
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4520
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4522
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4531
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4540
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4543
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4544
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4550
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4560
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4570
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4571
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4572
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4580
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4590
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4591
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4592
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5000
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5001
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5002
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5010
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5011
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5020
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5021
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5022
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5030
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5032
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5040
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5041
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5100
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5101
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5102
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5103
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5104
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5105
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5106
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5107
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5108
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5109
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5110
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5111
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5112
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5113
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5114
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5115
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5200
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5201
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5202
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5203
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5204
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5205
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5206
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5207
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5300
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5301
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5302
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5303
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5304
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5305
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5306
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5307
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5308
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5309
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5310
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5311
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5312
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5313
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5314
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5315
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5316
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5317
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5318
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5319
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5320
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5321
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5322
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5323
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5324
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5325
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5326
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5327
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5328
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5329
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5330
Zohocorp ≫ Manageengine Adselfservice Plus Version5.4 Update5400
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5500
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5501
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5502
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5503
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5504
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5505
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5506
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5507
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5508
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5509
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5510
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5511
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5512
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5513
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5514
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5515
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5516
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5517
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5518
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5519
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5520
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5521
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5600
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5601
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5602
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5603
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5604
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5605
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5606
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5607
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5702
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.59% | 0.679 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.