Cross-site Scripting Vulnerability - CVE-2024-27313

Severity : Medium

CVE ID : CVE-2024-27313

Details :
A reflected cross-site scripting vulnerability was reported in PAM360. This issue has been fixed and no longer exists in the latest version.

Product Name Affected Version(s) Fixed Version(s) Fixed On
PAM360 Only 6610 6611 26th April, 2024

We fixed this issue by removing the user input from the response.

Impact :
This vulnerability allows adversaries to run custom scripts and perform malicious actions on the PAM360 server.

Steps to Upgrade:

Please contact the product support for further details at the below mentioned email addresses:

PAM360: pam360-support@manageengine.com