Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

Security Updates

 
close-but
  • How do I find out my Build number?
  • 1 Log in to the ADAudit Plus web console, and click License in the top pane.
  • 2 You will find the build number mentioned below the product version. This is the current build number of ADAudit Plus.

    how-do-find-build-number

XSS vulnerability in the username field (CVE-2023-37308) fixed | ADAudit Plus

Vulnerability details
Severity Medium
CVE ID CVE-2023-37308
Affected software versions Builds 7091 and below [How to find your build number?]
Fixed version Build 7100
Fixed on December 28, 2022

Details

CVE-2023-37308 refers to a XSS vulnerability in username field reported in ManageEngine ADAudit Plus that made it possible for users to inject malicious JavaScript into the username field of the product.

We have released ADAudit Plus build 7100, that fixes the issue by sanitizing the XSS payload.

Impact

The vulnerability in ADAudit Plus allows users to inject malicious JavaScript into the username section of certain reports within the product. When the reports are loaded, the injected script will be executed. This type of vulnerability poses a significant risk potentially leading to data exfiltration, system compromise, or other malicious activities.

Steps to upgrade

Upgrade your ADAudit Plus instance to the latest build 7100, using the service pack.

Acknowledgements

This issue was reported by Ryan through the Zoho BugBounty program.

If you have any questions or need assistance, please get in touch with support@adauditplus.com.

ADAudit Plus Trusted By

Meet all auditing and IT security needs with ADAudit Plus.

  • Active Directory
  • File servers
  • Windows server
  • Workstation
  • Compliance
  • Related Products

A single pane of glass for complete Active Directory Auditing and Reporting

Free Trial Get Quote
Email Download Link