A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/103773 | Third Party Advisory VDB Entry |
https://gurelahmet.com/cve-2018-9163-zoho-manageengine-recovery-manager-plus-5-3-build-5330-stored-cross-site-scripting-xss-vulnerability/ | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/44666/ | Third Party Advisory VDB Entry |
https://www.manageengine.com/ad-recovery-manager/release-notes.html#5350 | Release Notes |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-04-02T12:00:00
Updated: 2018-07-03T19:57:01
Reserved: 2018-03-31T00:00:00
Link: CVE-2018-9163
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-04-02T12:29:00.207
Modified: 2019-02-27T19:18:26.143
Link: CVE-2018-9163
JSON object: View
Redhat Information
No data.
CWE