CVE-2020-27449: XSS
First published: Fri Aug 11 2023(Updated: )
Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Password Manager Pro | =11.1-build_11101 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-27449?
CVE-2020-27449 is a Cross Site Scripting (XSS) vulnerability in the Query Report feature in Zoho ManageEngine Password Manager Pro version 11.1-build_11101.
How can an attacker exploit CVE-2020-27449?
An attacker can exploit CVE-2020-27449 by injecting crafted JavaScript payload in the Query Report feature, allowing them to execute arbitrary code and steal cookies.
What is the severity of CVE-2020-27449?
CVE-2020-27449 has a severity of medium with a CVSS score of 6.1.
How can I fix CVE-2020-27449?
To fix CVE-2020-27449, update Zoho ManageEngine Password Manager Pro to version 11.1-build_11102 or later.
Where can I find more information about CVE-2020-27449?
You can find more information about CVE-2020-27449 at the following references: [LINK1], [LINK2].
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/event
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/zohocorp
- canonical/zohocorp manageengine password manager pro
- version/zohocorp manageengine password manager pro/11.1-build_11101