Severity: Medium
ZVE ID:ZVE-2023-0284
Product name | Affected Version(s) | Fixed Version(s) | Fixed On |
---|---|---|---|
OpManager OpManager Plus OpManager MSP |
126276 and below | 126279 | 03-02-2023 |
126155 | 08-02-2023 | ||
126263 | 03-02-2023 |
Details:
OpManager : The Stored XSS vulnerability issues, that lead to JS injection, and were identified in the URL Monitors, have been fixed now.
This issue has been fixed by disabling invalid URL address during rendering.
Impact:
By using the stored XSS data that lead to JS injection, even users with insufficient privilege were able to gain access to sensitive information.
Steps to upgrade:
Source and Acknowledgements
This vulnerability was reported by Ranjit Pahan.
Kindly contact our product support team for further details, at the below mentioned email address: