Описание
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
Ссылки
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 15.1 (исключая)
Одно из
cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:15.1:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:15.1:15100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:15.1:15110:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:15.1:15120:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.2463
Средний
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
EPSS
Процентиль: 96%
0.2463
Средний
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79