CVE-2017-11560
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application.
Fue encontrado un problema en ZOHO ManageEngine OpManager 12.2. Al agregar un Google Map a la aplicación, un usuario autenticado puede cargar un archivo HTML. Este archivo HTML se procesa en varias ubicaciones de la aplicación. JavaScript dentro del HTML cargado también es interpretado por la aplicación. Por lo tanto, un atacante puede inyectar una carga maliciosa de JavaScript dentro del archivo HTML y cargarlo a la aplicación.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-07-22 CVE Reserved
- 2019-05-23 CVE Published
- 2024-05-16 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://opmanager.com | Product |
URL | Date | SRC |
---|---|---|
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://manageengine.com | 2019-05-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Zohocorp Search vendor "Zohocorp" | Manageengine Opmanager Search vendor "Zohocorp" for product "Manageengine Opmanager" | 12.2 Search vendor "Zohocorp" for product "Manageengine Opmanager" and version "12.2" | - |
Affected
|