Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD.
References
Link | Resource |
---|---|
https://raxis.com/blog/cve-2021-28382 | Exploit Third Party Advisory |
https://www.manageengine.com/key-manager/release-notes.html#6001 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Jun 2021, 15:21
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.manageengine.com/key-manager/release-notes.html#6001 - Vendor Advisory | |
References | (MISC) https://raxis.com/blog/cve-2021-28382 - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.0:6000:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_key_manager_plus:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
CWE | CWE-79 |
11 Jun 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Jun 2021, 11:38
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-07 10:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-28382
Mitre link : CVE-2021-28382
CVE.ORG link : CVE-2021-28382
JSON object : View
Products Affected
zohocorp
- manageengine_key_manager_plus
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')