.. / CVE-2021-37416

Exploit for Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting (CVE-2021-37416)

Description:

Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cross-site scripting vulnerability on the loadframe page.

Nuclei Template

View the template here CVE-2021-37416.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-37416.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-37416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37416
https://github.com/ARPSyndicate/kenzer-templates
https://blog.stmcyber.com/vulns/cve-2021-37416/