CVE-2024-38870

Stored XSS vulnerability in Schedule reports - CVE-2024-38870

Severity: Medium

CVE ID: CVE-2024-38870

Product name Affected Version(s) Fixed Version(s) Fixed On
OpManager
OpManager Plus
OpManager MSP
OpManager Enterprise Edition
From version 128103 and below 128104 June 14, 2024
From version 128151 to 128237 128238 June 07,2024
From version 128247 to 128249 128250 & above June 04,2024

Details:

OpManager: A stored XSS vulnerability was discovered in Schedule reports. This has now been fixed.(Reported by Muhammed Mekkawy. Refer:CVE-2024-38870).

Steps to upgrade:

  1. Kindly download the latest upgrade pack from here.
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above step.

Source and Acknowledgements

This vulnerability was reported by Muhammed Mekkawy.

Kindly contact our product support team for further details, at the below mentioned email address:

 
 Pricing  Get Quote
Training and Support
Connect with us:
     

ManageEngine is a division of Zoho Corp.