4 matches found
ManageEngine Recovery Manager Plus 5.3 Cross Site Scripting
Exploit Title: ManageEngine Recovery Manager Plus 5.3 Build 5330 - Persistent Cross-Site Scripting Dated: 2018-03-31 Exploit Author: Ahmet GAREL Software Link: https://www.manageengine.com/ad-recovery-manager/ Version: = 5.3 Build 5330 Platform: Java Tested on: Windows CVE: CVE-2018-9163 1. DETAI...
ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting
Exploit Title: ManageEngine Recovery Manager Plus 5.3 Build 5330 - Persistent Cross-Site Scripting Dated: 2018-03-31 Exploit Author: Ahmet GÜREL Software Link: https://www.manageengine.com/ad-recovery-manager/ Version: = 5.3 Build 5330 Platform: Java Tested on: Windows CVE: CVE-2018-9163 1. DETAI...
ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting
ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting Exploit Title: ManageEngine Recovery Manager Plus 5.3 Build 5330 - Persistent Cross-Site Scripting Dated: 2018-03-31 Exploit Author: Ahmet GÜREL Software Link: https://www.manageengine.com/ad-recovery-manager/ Version: = 5.3 Build 5330...
CVE-2018-9163
CVE-2018-9163 affects Zoho ManageEngine Recovery Manager Plus (before 5.3, Build 5350). The issue is a stored XSS in the loginName parameter on the /admin/technicians page via technicianAction.do, exploitable by remote authenticated users with Add New Technician permissions. Documents show PoC pa...