Reflected XSS in LoadFrame page via single_signout parameter
ManageEngine ADSelfService Plus
Krzysztof Andrusiak and Marcin Ogorzelski
ADSelfService Plus is prone to a reflected XSS attack via the single_signout parameter of the /LoadFrame endpoint, potentially leading to takeover of the victim's account.
- Replace alpha-manage:8888 with the ADSSP server address in the following URL:
- Visit the modified URL. The XSS should fire.
- 17-03-2021 - Vulnerability reported to vendor
- 18-03-2021 - First response from vendor
- 08-05-2021 - Fixed version release
- 30-08-2021 - Public disclosure
- 21-02-2022 - PoC release
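
A defender-side check for the issue described above, as an added example that is not part of the original advisory or the vendor's code: it scans web access log lines for /LoadFrame requests whose single_signout value decodes to markup or script tokens. The log format, the sample lines and the rule that benign values carry no markup are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: a legitimate single_signout value never contains markup,
# quotes, a javascript: scheme or an inline event-handler attribute.
SUSPICIOUS = re.compile(r"[<>\"'`]|javascript:|\bon\w+\s*=", re.IGNORECASE)
# Assumption: common/combined access-log format with a quoted request line.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_loadframe_hits(lines):
    """Return (line_no, decoded_value) for /LoadFrame requests whose
    single_signout parameter decodes to markup or script tokens."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.rstrip("/").lower().endswith("/loadframe"):
            continue
        # parse_qsl decodes once; fully_decode handles double encoding.
        for key, val in parse_qsl(url.query, keep_blank_values=True):
            if key == "single_signout":
                val = fully_decode(val)
                if SUSPICIOUS.search(val):
                    hits.append((no, val))
    return hits

# Constructed sample log lines (not from the advisory, not its PoC).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2022:10:00:01 +0000] "GET /LoadFrame?single_signout=true HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Mar/2022:10:00:07 +0000] "GET /LoadFrame?single_signout=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 733',
    '10.0.0.9 - - [01/Mar/2022:10:00:09 +0000] "GET /LoadFrame?single_signout=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 733',
    '10.0.0.7 - - [01/Mar/2022:10:00:12 +0000] "GET /index.html?single_signout=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for no, val in suspicious_loadframe_hits(SAMPLE_LOG):
        print(f"line {no}: single_signout={val!r}")
```

Hits on instances that predate the fixed version release are worth correlating with session activity for the accounts that followed those links.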