Cross Site Scripting Vulnerability in ManageEngine OPManager by Zoho
CVE-2020-19554
6.1MEDIUM
What is CVE-2020-19554?
A Cross Site Scripting (XSS) vulnerability is present in ManageEngine OPManager versions up to 12.5.174. This flaw can be exploited when an API key is crafted to include an XML-based XSS payload, leading to the potential execution of malicious scripts in a user's browser. Such an attack could allow an attacker to hijack user sessions or redirect victims to malicious websites, posing significant risks to network integrity and user privacy.