Cross Site Scripting Vulnerability in ManageEngine OPManager by Zoho
CVE-2020-19554

6.1MEDIUM

Key Information:

Vendor: Manageengine
Status: Opmanager
Vendor: CVE Published:; 21 September 2021

Summary

A Cross Site Scripting (XSS) vulnerability is present in ManageEngine OPManager versions up to 12.5.174. This flaw can be exploited when an API key is crafted to include an XML-based XSS payload, leading to the potential execution of malicious scripts in a user's browser. Such an attack could allow an attacker to hijack user sessions or redirect victims to malicious websites, posing significant risks to network integrity and user privacy.

References

https://www.manageengine.com/network-monitoring/help/read...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 21, 2021
Vulnerability Reserved
Aug 13, 2020