Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-27449

Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.

Published

2023-08-11T14:15:10.840

Last Modified

2024-11-21T05:21:13.237

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	zohocorp	manageengine_password_manager_pro	11.1	Yes

References

https://bugbounty.zoho.com/bb/#/bug/101000003619211 Permissions Required, Vendor Advisory ([email protected])
https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11002 Product, Release Notes ([email protected])
https://bugbounty.zoho.com/bb/#/bug/101000003619211 Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11002 Product, Release Notes (af854a3a-2127-422b-91ae-364da2661108)