CVE-2019-16268: XSS
First published: Wed Feb 03 2021(Updated: )
Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Remote Access Plus | =10.0.259 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-16268?
CVE-2019-16268 is a vulnerability that allows HTML injection via the Description field on the Admin - User Administration screen in Zoho ManageEngine Remote Access Plus 10.0.259.
How severe is CVE-2019-16268?
CVE-2019-16268 has a severity rating of 4.8 (medium).
How does HTML injection work in CVE-2019-16268?
HTML injection occurs when an attacker is able to inject and execute arbitrary HTML code in the Description field on the Admin - User Administration screen.
What is the affected software version for CVE-2019-16268?
Zoho ManageEngine Remote Access Plus version 10.0.259 is affected by CVE-2019-16268.
How can I mitigate CVE-2019-16268?
To mitigate CVE-2019-16268, it is recommended to update Zoho ManageEngine Remote Access Plus to a version that includes the fix for this vulnerability.
- collector/nvd-index
- vendor/zohocorp
- canonical/zohocorp manageengine remote access plus
- version/zohocorp manageengine remote access plus/10.0.259