Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.
References
Link | Resource |
---|---|
https://bugbounty.zoho.com/bb/#/bug/101000003619211 | Permissions Required Vendor Advisory |
https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11002 | Product Release Notes |
Configurations
Configuration 1 (hide)
|
History
16 Aug 2023, 15:37
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11002 - Product, Release Notes | |
References | (MISC) https://bugbounty.zoho.com/bb/#/bug/101000003619211 - Permissions Required, Vendor Advisory | |
First Time |
Zohocorp
Zohocorp manageengine Password Manager Pro |
|
CWE | CWE-79 | |
CPE | cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:build_11101:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
11 Aug 2023, 15:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-11 14:15
Updated : 2023-12-10 15:14
NVD link : CVE-2020-27449
Mitre link : CVE-2020-27449
CVE.ORG link : CVE-2020-27449
JSON object : View
Products Affected
zohocorp
- manageengine_password_manager_pro
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')