CVE-2018-19288

Beschreibung:
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.

CWE: CWE-79

CVSS-Bewertung
CVSS 2: MEDIUM – 4.3 (Version: 2.0)
CVSS 3: MEDIUM – 6.1 (Version: 3.0)

Links:

NVD – CVE-2018-19288
CVE – CVE-2018-19288

Link (max. 20) Quelle Tags
https://www.manageengine.com/network-monitoring/help/read-me.html MISC Vendor Advisory Third Party Advisory
105960 BID Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/150124/Zoho-ManageEngine-OpManager-12.3-Cross-Site-Scripting.html MISC Third Party Advisory VDB Entry

Quelle: NVD – CVE-2018-19288
Datum Veröffentlichung: 2018-11-15T06:29Z, Datum letzte Änderung: 2021-05-04T15:07Z