23 Mai 2019
Vulnérabilité CVE-2017-11739 CVE Vulnerability
In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this functionality by creating a "Utility Widget" that contains malicious JavaScript code, aka XSS. (CVSS:4.3) (Last Update:2019-05-23)
Vulnerability Details : In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this functionality by creating a "Utility Widget" that contains malicious JavaScript code, aka XSS. Publish Date : 2019-05-23 Last Update Date : 2019-05-23 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2017-11739
- Number Of Affected Versions By Product
- References For CVE-2017-11739
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2017-11739There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |