ManageEngine OPManager 12.3 Cross Site Scripting Vulnerability

2018-10-18
ID: 99789
CVE: None
Download vulnerable application: None
I. VULNERABILITY
-------------------------
OPManager version 12.3, Stored XSS Vulnerability
 II. CVE REFERENCE
-------------------------
CVE-2018-18262
 III. VENDOR
-------------------------
https://www.manageengine.com
 IV. TIMELINE
-------------------------
10/09/18 Vulnerability discovered
13/09/18 Vendor contacted
11/10/2018 OPManager replay that they fixed
 V. CREDIT
-------------------------
Murat Aydemir from Biznet Bilisim A.S.
 VI. DESCRIPTION
-------------------------
ManageEngine OPManager product(version 12.3) was vulnerable to stored
xss attacks. A successfully exploit of this attack could allow thief
users sessions or arbitrary interpret javascript code on remote host
https://www.manageengine.com/network-monitoring/help/read-me.html
 VII. Remediation
-------------------------
Its recommended to update latest version of OPManager. Its fixed in
version 12.3 and Build No 123214
1-4-2 (www01)