Cross-Site Scripting Vulnerability in Zoho ManageEngine Desktop Central
CVE-2018-16833

6.1MEDIUM

Key Information:

Vendor: Zohocorp
Status: Manageengine Desktop Central
Vendor: CVE Published:; 21 September 2018

What is CVE-2018-16833?

The Zoho ManageEngine Desktop Central version 10.0.271 is susceptible to a Cross-Site Scripting (XSS) vulnerability through the 'Features & Articles' search field. This vulnerability could allow attackers to execute arbitrary JavaScript code in the context of the user's session, potentially leading to data theft or unauthorized actions on behalf of the user. Attackers can exploit this weakness by crafting a malicious payload that is executed when a victim interacts with the compromised search functionality.

References

http://packetstormsecurity.com/files/149436/ManageEngine-...

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 21, 2018
Vulnerability Reserved
Sep 11, 2018

Zohocorp

What is CVE-2018-16833?

References

EPSS Score

CVSS V3.1

Timeline