Stored XSS Vulnerability in Zoho ManageEngine Applications Manager
CVE-2021-31813

5.4MEDIUM

Key Information:

Vendor: Zohocorp
Status: Manageengine Applications Manager
Vendor: CVE Published:; 1 July 2021

What is CVE-2021-31813?

Zoho ManageEngine Applications Manager prior to version 15130 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. This flaw occurs when an attacker is able to import malicious user details, such as a crafted username, from Active Directory (AD). When the compromised data is processed, it can lead to the execution of unauthorized scripts in the context of an unsuspecting user's session. This vulnerability highlights the importance of proper input validation and sanitization to mitigate potential security risks associated with data imports.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.manageengine.com/products/applications_manage...

x_refsource_MISC

https://raxis.com/blog/cve-2021-31813

x_refsource_MISC

EPSS Score

24% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 1, 2021
Vulnerability Reserved
Apr 26, 2021

JSON

Zohocorp