Design/Logic Flaw

2021-02-0318:15:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.1%

JSON

Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.

CPENameOperatorVersion
manageengine_remote_access_pluseq10.0.259

CPE	Name	Operator	Version
	manageengine_remote_access_plus	eq	10.0.259

References

www.esecforte.com/responsible-vulnerability-disclosure-cve-2019-16268-html-injection-vulnerability-in-manageengine-remote-access-plus/

www.manageengine.com/remote-desktop-management/knowledge-base/html-injection.html