2 matches found
CVE-2025-10573
Ivanti Endpoint Manager is affected by CVE-2025-10573 (Stored XSS) in versions before 2024 SU4 SR1. The vulnerability allows an unauthenticated attacker to inject JavaScript in the administrator session via crafted device scan data, requiring user interaction to trigger the payload. Several conne...
PT-2025-46347
Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU4 Description A security issue exists in the agent component of Ivanti Endpoint Manager that allows a locally authenticated attacker to write arbitrary files to any location on the disk due to...