Cross site scripting

2018-04-0212:29:00

PRIOn knowledge base

www.prio-n.com

0.874 High

EPSS

Percentile

98.7%

JSON

A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.

CPENameOperatorVersion
manageengine_recovery_manager_pluslt5.3

CPE	Name	Operator	Version
	manageengine_recovery_manager_plus	lt	5.3

References

www.securityfocus.com/bid/103773

gurelahmet.com/cve-2018-9163-zoho-manageengine-recovery-manager-plus-5-3-build-5330-stored-cross-site-scripting-xss-vulnerability/

www.exploit-db.com/exploits/44666/

www.manageengine.com/ad-recovery-manager/release-notes.html

0.874 High

EPSS

Percentile

98.7%

JSON

Related for PRION:CVE-2018-9163