exploitDog

CVE-2020-27449

Опубликовано: 11 авг. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.

Ссылки

https://bugbounty.zoho.com/bb/#/bug/101000003619211
Permissions Required
Vendor Advisory
https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11002
Product
Release Notes
https://bugbounty.zoho.com/bb/#/bug/101000003619211
Permissions Required
Vendor Advisory
https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11002
Product
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:build_11101:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.0181

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-cxv9-h4hx-92c5

CVSS3: 6.1

github

больше 2 лет назад

Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.

EPSS

Процентиль: 82%

0.0181

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79