XSS Vulnerability - ZVE-2023-0284

Severity: Medium

ZVE ID:ZVE-2023-0284

Product name Affected Version(s) Fixed Version(s) Fixed On
OpManager
OpManager Plus
OpManager MSP
126276 and below 126279 03-02-2023
126155 08-02-2023
126263 03-02-2023

Details:

OpManager : The Stored XSS vulnerability issues, that lead to JS injection, and were identified in the URL Monitors, have been fixed now. 

This issue has been fixed by disabling invalid URL address during rendering.

Impact:

By using the stored XSS data that lead to JS injection, even users with insufficient privilege were able to gain access to sensitive information.

Steps to upgrade:

  1. Kindly download the latest upgrade pack from here.
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above step.

Source and Acknowledgements

This vulnerability was reported by Ranjit Pahan.

Kindly contact our product support team for further details, at the below mentioned email address:

 

 
 Pricing  Get Quote