Stored XSS Vulnerability in Zoho ManageEngine Applications Manager
CVE-2021-31813

5.4 MEDIUM

Key Information:

Vendor

Zohocorp

CVE Published:
1 July 2021

What is CVE-2021-31813?

Zoho ManageEngine Applications Manager prior to version 15130 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. The flaw occurs when an attacker is able to get malicious user details, such as a crafted username, imported from Active Directory (AD). When the application later processes the stored data, attacker-supplied script can execute in the context of an unsuspecting user's session. This vulnerability highlights the importance of proper input validation and sanitization of imported data, which is easily treated as trusted because it comes from a directory service rather than from a web form.

EPSS Score

20% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved