ZOHO ManageEngine Password Manager Pro Multiple Cross-Site Scripting Vulnerabilities (CVE-2017-17698)
ZOHO ManageEngine Password Manager Pro Multiple Cross-Site Scripting Vulnerabilities (CVE-2017-17698)
Release date:
Updated on:
Affected Systems:
Zoho ManageEngine Password Manager Pro <9.4 (9400)
Description:
Bugtraq id: 102243
CVE (CAN) ID: CVE-2017-17698
ZOHO ManageEngine OpManager is a network performance management software.
Zoho ManageEngine Password Manager Pro 9 <9.4 (9400), in SearchResult. ec and BulkAccessControlView. the cross-site scripting (XSS) vulnerability exists in the ec. Attackers can exploit this vulnerability to execute arbitrary code in the affected site user's browser.
<* Source: vendor
*>
Suggestion:
Vendor patch:
Zoho
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://www.manageengine.com/products/firewall/
Https://www.manageengine.com/products/passwordmanagerpro/release-notes.html