First published: Thu Jul 01 2021(Updated: )
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp ManageEngine Applications Manager | <15.1 | |
Zohocorp ManageEngine Applications Manager | =15.1 | |
Zohocorp ManageEngine Applications Manager | =15.1-15100 | |
Zohocorp ManageEngine Applications Manager | =15.1-15110 | |
Zohocorp ManageEngine Applications Manager | =15.1-15120 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-31813 is a vulnerability in Zoho ManageEngine Applications Manager that allows for Stored XSS attacks when importing malicious user details.
Zoho ManageEngine Applications Manager versions up to and including 15.1.15130 are affected.
CVE-2021-31813 has a severity rating of 5.4, which is considered medium.
To fix the CVE-2021-31813 vulnerability, update Zoho ManageEngine Applications Manager to version 15.1.15130 or higher.
You can find more information about CVE-2021-31813 at the following references: [link1](https://raxis.com/blog/cve-2021-31813), [link2](https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2021-31813.html).