Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-11560

An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application.

Published

2019-05-23T18:29:00.637

Last Modified

2024-11-21T03:08:01.283

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	zohocorp	manageengine_opmanager	12.2	Yes

References

http://manageengine.com Vendor Advisory ([email protected])
http://opmanager.com Product ([email protected])
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736 Exploit, Third Party Advisory ([email protected])
http://manageengine.com Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://opmanager.com Product (af854a3a-2127-422b-91ae-364da2661108)
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)