Cross-site Scripting Vulnerability - CVE-2024-27313

Severity : Medium

CVE ID : CVE-2024-27313

Details :
A reflected cross-site scripting vulnerability was reported in PAM360. This issue has been fixed and no longer exists in the latest version.

Product Name	Affected Version(s)	Fixed Version(s)	Fixed On
PAM360	Only 6610	6611	26th April, 2024

We fixed this issue by removing the user input from the response.

Impact :
This vulnerability allows adversaries to run custom scripts and perform malicious actions on the PAM360 server.

Steps to Upgrade:

Download the latest upgrade pack from the following link
- PAM360 - https://www.manageengine.com/privileged-access-management/upgradepack.htm
Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above link.

Please contact the product support for further details at the below mentioned email addresses:

PAM360: pam360-support@manageengine.com