Lucene search

CVE-2018-9163

🗓️ 02 Apr 2018 12:00:29Reported by mitreType

cve🔗 web.nvd.nist.gov👁 58 Views🌐 WEB

Stored XSS vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users to inject arbitrary web script or HTML

Reporter	Title	Published	Views	Family All 7
Prion	Cross site scripting	2 Apr 201812:29	–	prion
Packet Storm	ManageEngine Recovery Manager Plus 5.3 Cross Site Scripting	22 May 201800:00	–	packetstorm
0day.today	ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting Vulnerability	21 May 201800:00	–	zdt
Exploit DB	ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting	21 May 201800:00	–	exploitdb
Cvelist	CVE-2018-9163	2 Apr 201812:00	–	cvelist
NVD	CVE-2018-9163	2 Apr 201812:29	–	nvd
exploitpack	ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting	21 May 201800:00	–	exploitpack

Nvd

Node

zohocorp manageengine_recovery_manager_plusRange<5.3

Source	Link
securityfocus	www.securityfocus.com/bid/103773
manageengine	www.manageengine.com/ad-recovery-manager/release-notes.html
exploit-db	www.exploit-db.com/exploits/44666/
gurelahmet	www.gurelahmet.com/cve-2018-9163-zoho-manageengine-recovery-manager-plus-5-3-build-5330-stored-cross-site-scripting-xss-vulnerability/

Parameter	Position	Path	Description	CWE
loginName	query param	/technicianAction.do	Stored Cross-site scripting (XSS) vulnerability in the loginName parameter allows injection of arbitrary web script or HTML.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

02 Apr 2018 12:29Current

5Medium risk

Vulners AI Score5

CVSS23.5

CVSS35.4

EPSS0.42118

CWE-79