ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting
ID: CVE-2022-24681
Severity: medium
Author: Open-Sec
Tags: cve,cve2022,manageengine,xss,authenticated,zohocorp
Description
ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens.
YAML Source
id: CVE-2022-24681

info:
  name: ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting
  author: Open-Sec
  severity: medium
  description: |
    ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens.
  impact: |
    Successful exploitation of this vulnerability could lead to the execution of arbitrary scripts or theft of sensitive information.
  remediation: |
    Upgrade to a version of ManageEngine ADSelfService Plus that is higher than 6121 to mitigate this vulnerability.
  reference:
    - https://raxis.com/blog/cve-2022-24681
    - https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-24681.html
    - https://manageengine.com
    - https://nvd.nist.gov/vuln/detail/CVE-2022-24681
    - https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-24681
    cwe-id: CWE-79
    epss-score: 0.00155
    epss-percentile: 0.51848
    cpe: cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: zohocorp
    product: manageengine_adselfservice_plus
    shodan-query:
      - http.title:"manageengine"
      - http.title:"adselfservice plus"
    fofa-query:
      - title="manageengine"
      - title="adselfservice plus"
    google-query:
      - intitle:"adselfservice plus"
      - intitle:"manageengine"
  tags: cve,cve2022,manageengine,xss,authenticated,zohocorp

http:
  - raw:
      - |
        POST /servlet/GetProductVersion HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - compare_versions(buildnumber, '< 6121')

      - type: word
        part: body
        words:
          - "ManageEngine"

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: buildnumber
        group: 1
        regex:
          - '"BUILD_NUMBER":"([0-9]+)",'
        internal: true
        part: body
# digest: 490a0046304402203333ae5800915822fdb8ad1ff41af351d213793a1303e5bd9f6ee013f23c499602201c732d296e16e0b1272993c022182ff497835b41622c62dff985471adbf30f91:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
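This template does not exercise the XSS itself; it identifies affected installs by version. It sends a request to /servlet/GetProductVersion, extracts BUILD_NUMBER from the response body, and matches when the response status is 200, the body contains "ManageEngine", and the build is below 6121. Run it with the Nuclei tool: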
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-24681.yaml"
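
The template's matcher logic, restated as an added Python example (not part of the original template or the Nuclei project) for triaging already-captured /servlet/GetProductVersion responses offline. The names assess, Verdict and SAMPLES are hypothetical, and the response bodies are constructed samples whose fields other than BUILD_NUMBER are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Same pattern as the template's extractor (note the required trailing comma).
BUILD_RE = re.compile(r'"BUILD_NUMBER":"([0-9]+)",')
FIXED_BUILD = 6121  # per the page: builds before 6121 are affected


@dataclass
class Verdict:  # hypothetical name, for this example only
    affected: bool
    build: Optional[int]
    reason: str


def assess(status: int, body: str) -> Verdict:
    """Apply the template's three matchers (ANDed) to one captured response."""
    if status != 200:
        return Verdict(False, None, f"status {status}, not 200")
    if "ManageEngine" not in body:
        return Verdict(False, None, "body lacks the 'ManageEngine' marker")
    m = BUILD_RE.search(body)
    if m is None:
        # No build number means no finding, which is not the same as patched.
        return Verdict(False, None, "no BUILD_NUMBER found; version unknown")
    build = int(m.group(1))
    if build < FIXED_BUILD:
        return Verdict(True, build, f"build {build} < {FIXED_BUILD}")
    return Verdict(False, build, f"build {build} >= {FIXED_BUILD}")


# Constructed sample responses (status, body); not captured from a real host.
SAMPLES = {
    "old-build": (200, '{"PRODUCT_NAME":"ManageEngine ADSelfService Plus","BUILD_NUMBER":"6118","X":"y"}'),
    "fixed-build": (200, '{"PRODUCT_NAME":"ManageEngine ADSelfService Plus","BUILD_NUMBER":"6121","X":"y"}'),
    "no-version": (200, '<html><title>ManageEngine</title></html>'),
    "other-app": (200, '{"BUILD_NUMBER":"5000","X":"y"}'),
    "error-page": (404, 'ManageEngine "BUILD_NUMBER":"6000",'),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        v = assess(status, body)
        print(f"{name:12} affected={v.affected!s:5} {v.reason}")
```

A "version unknown" result means the check could not be evaluated for that host, so confirm its build through another channel before treating it as patched.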