| Vulnerability Details | |
|---|---|
| Impact | CVSS V3 rating: 10 (Critical) |
| Reported | 20 Mar 2018 |
| Fixed | 25 April 2018 |
| Affected Builds | Till Build 123121 |
| Fixed in | Build 123122 |
| Overview | Cross-site scripting XSS vulnerability in 'Add credentials' |
| Recommended Fix | Upgrade to OpManager Version 12.3.239 or above. |
A Cross-site scripting XSS vulnerability was discovered in 'add credentials' page in OpManager before version 12.3.122. This vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF.
We recommend that you upgrade to OpManager Version 12.3.122 or above to fix this issue.
Source and Acknowledgements
Find out more about CVE-2018-10803 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at opmanager-support@manageengine.com.