HTML Injection Vulnerability in ManageEngine Desktop Central by Zoho
CVE-2019-15510

6.1MEDIUM

Key Information:

Vendor: Zohocorp
Status: Manageengine Desktop Central
Vendor: CVE Published:; 23 March 2020

What is CVE-2019-15510?

The ManageEngine Desktop Central application by Zoho is susceptible to HTML injection due to weaknesses in the user administration page. This vulnerability arises when the description of a user role is improperly sanitized, allowing an attacker to inject malicious HTML content. Exploitation of this flaw can potentially lead to unauthorized access and manipulation of application data, posing significant security risks to organizations relying on this product for system management.

References

https://www.esecforte.com/responsible-vulnerability-discl...

x_refsource_MISC

https://www.manageengine.com/products/desktop-central/htm...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 23, 2020
Vulnerability Reserved
Aug 23, 2019

Zohocorp

What is CVE-2019-15510?

References

CVSS V3.1

Timeline