CVE-2019-11511
MEDIUMZoho ManageEngine ADSelfService Plus <build 5708 - XSS
Title source: llmDescription
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.manageengine.com/products/self-service-password/release-notes.html#5708
Various Sources x_refsource_misc
https://zeroauth.ltd/blog/2019/05/26/cve-2019-11511-zoho-manageengine-adselfservice-plus-xss/
Scores
CVSS v3
6.1
EPSS
0.0260
EPSS Percentile
85.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
zohocorp/manageengine_adselfservice_plus
5.7 4500 (50 CPE variants)
Published
Apr 25, 2019
Tracked Since
Feb 18, 2026