exploitDog

GHSA-vq83-9rx8-rq3m

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.

A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.

Ссылки

EPSS

Процентиль: 85%

0.02437

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2018-9163

CVSS3: 5.4

nvd

почти 8 лет назад

A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.

EPSS

Процентиль: 85%

0.02437

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79