CVE-2017-11739
Last modified
CVE-2017-11739 is a vulnerability of currently unknown severity. In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. EPSS estimates a 2.80% chance of exploitation in the next 30 days.
Description
In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this functionality by creating a "Utility Widget" that contains malicious JavaScript code, aka XSS.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Zohocorp | Manageengine Applications Manager | 13.1 | 13100 |
References
- http://application.comNot Applicable
- http://manageengine.comVendor Advisory
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734Exploit, Third Party Advisory
- http://application.comNot Applicable
- http://manageengine.comVendor Advisory
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-11739?
How severe is CVE-2017-11739?
How do I fix CVE-2017-11739?
Are you affected by CVE-2017-11739?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST