CVE-2018-17596: XSS
First published: Tue Oct 02 2018(Updated: )
In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Assetexplorer | =6.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Zoho ManageEngine AssetExplorer vulnerability?
The vulnerability ID for this Zoho ManageEngine AssetExplorer vulnerability is CVE-2018-17596.
What is the severity of CVE-2018-17596 vulnerability?
The severity of CVE-2018-17596 vulnerability is medium with a severity value of 6.1.
What software version is affected by CVE-2018-17596 vulnerability?
The Zoho ManageEngine AssetExplorer version 6.2.0 is affected by CVE-2018-17596 vulnerability.
What is the impact of the stored XSS vulnerability in Zoho ManageEngine AssetExplorer?
The stored XSS vulnerability in Zoho ManageEngine AssetExplorer allows an attacker to execute malicious scripts on the affected system, potentially leading to information theft or unauthorized actions.
Is there a patch available to fix CVE-2018-17596 vulnerability?
Yes, it is recommended to update Zoho ManageEngine AssetExplorer to a version that includes a fix for the vulnerability. Contact Zohocorp for more information on the available patches or upgrades.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/zohocorp
- canonical/zohocorp manageengine assetexplorer
- version/zohocorp manageengine assetexplorer/6.2.0