Zoho ManageEngine OpManager version 12.3 suffers from multiple cross site scripting vulnerabilities.
dd397fed4163fc8d8337bb0cec0c033bc8a073e6bddfd2ea65f12472b4f23b18Issue 1:
------------------------------------------
I. VULNERABILITY
-------------------------
Zoho ManageEngine OpManager 12.3 allows stored XSS
II. CVE REFERENCE
-------------------------
CVE-2018-18715
III. VENDOR
-------------------------
https://www.manageengine.com
IV. TIMELINE
-------------------------
09/10/18 Vulnerability discovered
09/10/18 Vendor contacted
26/10/2018 OPManager replay that they fixed
V. CREDIT
-------------------------
Hakan Bayir at Biznet Bilisim A.S.
VI. DESCRIPTION
-------------------------
ManageEngine OPManager product(version 12.3) was allows Stored XSS
Vulnerability.
VII. Remediation
-------------------------
Its recommended to update latest version of OPManager. Its fixed in
latest version and Build No 123219.
--
Issue 2:
------------------------------------------
I. VULNERABILITY
-------------------------
Zoho ManageEngine OpManager 12.3 allows Self XSS Vulnerability
II. CVE REFERENCE
-------------------------
CVE-2018-18716
III. VENDOR
-------------------------
https://www.manageengine.com
IV. TIMELINE
-------------------------
09/10/18 Vulnerability discovered
09/10/18 Vendor contacted
26/10/2018 OPManager replay that they fixed
V. CREDIT
-------------------------
Hakan Bayir at Biznet Bilisim A.S.
VI. DESCRIPTION
-------------------------
ManageEngine OPManager product(version 12.3) was allows Self XSS Vulnerability.
VII. Remediation
-------------------------
Its recommended to update latest version of OPManager. Its fixed in
latest version and Build No 123219.
--
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed