First published: Wed Feb 03 2021(Updated: )
Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp Manageengine Remote Access Plus | =10.0.259 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-16268 is a vulnerability that allows HTML injection via the Description field on the Admin - User Administration screen in Zoho ManageEngine Remote Access Plus 10.0.259.
CVE-2019-16268 has a severity rating of 4.8 (medium).
HTML injection occurs when an attacker is able to inject and execute arbitrary HTML code in the Description field on the Admin - User Administration screen.
Zoho ManageEngine Remote Access Plus version 10.0.259 is affected by CVE-2019-16268.
To mitigate CVE-2019-16268, it is recommended to update Zoho ManageEngine Remote Access Plus to a version that includes the fix for this vulnerability.