XSS Vulnerability in Zoho ManageEngine ADSelfService Plus

XSS Vulnerability in Zoho ManageEngine ADSelfService Plus

CVE-2022-24681 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.

Learn more about our User Device Pen Test.