Описание
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
Ссылки
- Third Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
- Release Notes
- Third Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 5.3 (исключая)
cpe:2.3:a:zohocorp:manageengine_recovery_manager_plus:*:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02437
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
EPSS
Процентиль: 85%
0.02437
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79