CVE-2021-37416 PoC — Zoho ManageEngine ADSelfService Plus 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-37416.yaml

Associated Vulnerability

Title:Zoho ManageEngine ADSelfService Plus 跨站脚本漏洞 (CVE-2021-37416)
Description:ZOHO zoho manageengine adselfservice plus是美国卓豪（ZOHO）公司的一套基于Web的终端用户密码管理软件。 Zoho ManageEngine ADSelfService Plus 存在跨站脚本漏洞，该漏洞源于Zoho ManageEngine ADSelfService Plus 6103 及更早版本容易受到负载帧页面上反射的 XSS 攻击。攻击者可利用该漏洞执行客户端代码。

Description

Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cross-site scripting vulnerability on the loadframe page.

File Snapshot


 id: CVE-2021-37416

info:
  name: Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!