CVE-2019-16268

Опубликовано: 03 фев. 2021

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Средний

Описание

Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.

Ссылки

https://www.esecforte.com/responsible-vulnerability-disclosure-cve-2019-16268-html-injection-vulnerability-in-manageengine-remote-access-plus/
Exploit
Third Party Advisory
https://www.manageengine.com/remote-desktop-management/knowledge-base/html-injection.html
Vendor Advisory
https://www.esecforte.com/responsible-vulnerability-disclosure-cve-2019-16268-html-injection-vulnerability-in-manageengine-remote-access-plus/
Exploit
Third Party Advisory
https://www.manageengine.com/remote-desktop-management/knowledge-base/html-injection.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.259:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.12442

Средний

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-wpwr-fc52-h69c

github

больше 3 лет назад