5.4

CVE-2023-37308

Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field.

Data provided by the National Vulnerability Database (NVD)
Zohocorp Manageengine Adaudit Plus Version 7.0 Update -
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7000
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7002
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7003
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7004
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7005
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7006
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7007
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7008
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7050
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7051
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7052
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7053
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7054
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7055
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7060
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7062
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7063
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7065
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7080
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7081
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7082
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7090
Zohocorp Manageengine Adaudit Plus Version 7.0 Update 7091
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 1.75% | 0.815
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 5.4 | 2.3 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.