This document addresses the vulnerability reported in the monitoring component of RMM Central.
Severity: Medium
Update Released Build: 10.1.50
Update Released Date: 03/02/2023
Stored XSS vulnerabilities that lead to JavaScript injection were detected in the URL monitors. They have been fixed by disabling invalid URL addresses during rendering.
Using the stored XSS data, attackers might gain unauthorized access to session information.
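The fix described above, rejecting invalid URL addresses at render time, can be illustrated with the following added example. It is not ManageEngine's code: the function names, the row markup and the sample monitor records are assumptions made for illustration.

```javascript
// Added illustration, not vendor code. All names and markup are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Escape text for HTML element content and quoted attribute values.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Return the normalized URL if the stored value is a well-formed http(s) URL, else null.
function validateMonitorUrl(stored) {
  if (typeof stored !== "string" || stored.length > 2048) return null;
  const candidate = stored.trim();
  // Reject embedded whitespace and control characters outright.
  if (/[\u0000-\u0020\u007f]/.test(candidate)) return null;
  let parsed;
  try {
    parsed = new URL(candidate);
  } catch {
    return null; // not parseable as an absolute URL
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol) || !parsed.hostname) return null;
  return parsed.href; // the parser percent-encodes ", < and > in the path
}

// Render one monitor row. An invalid URL is shown as inert, escaped text
// and never becomes an href; every stored field is escaped on output.
function renderMonitorRow(monitor) {
  const name = escapeHtml(monitor.name);
  const safeUrl = validateMonitorUrl(monitor.url);
  if (safeUrl === null) {
    return `<tr><td>${name}</td><td><span class="invalid-url">${escapeHtml(monitor.url)}</span></td></tr>`;
  }
  const u = escapeHtml(safeUrl);
  return `<tr><td>${name}</td><td><a href="${u}" rel="noopener noreferrer">${u}</a></td></tr>`;
}

// Constructed sample records, not taken from any real installation.
const SAMPLE_MONITORS = [
  { name: "Intranet health", url: "https://status.example.test/health" },
  { name: "Bad scheme", url: "javascript:alert(1)" },
  { name: "<b>Markup in name</b>", url: 'https://example.test/"><b>' },
];

for (const m of SAMPLE_MONITORS) console.log(renderMonitorRow(m));
```

Validating when the page is rendered, rather than only when the monitor is saved, also neutralizes values that were stored before the check existed.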
Affected versions: 10.1.49 and below
This vulnerability was reported by Ranjit Pahan.
These vulnerabilities were fixed on February 3, 2023, and the mitigation is available in build 10.1.50 with monitoring build 12.6.278.
Apply the latest build to your existing product installation by following the upgrade pack instructions provided on the service pack page.
https://www.manageengine.com/remote-monitoring-management/service-packs.html
For any further questions or concerns, please reach out to us at rmmcentral-support@manageengine.com