CVE-2020-27449

Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.

Published: Aug 11, 2023
Updated: Aug 17, 2023
CVE: CVE-2020-27449
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_password_manager_pro	11.1-build_11101	11.1-build_11101.x

https://bugbounty.zoho.com/bb/#/bug/101000003619211
https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11002

Vulnerability Database

289,697

CVE-2020-27449