6.1

CVE-2020-35594

Zoho ManageEngine ADManager Plus before 7066 allows XSS.

Data is provided by the National Vulnerability Database (NVD)
ZohocorpManageengine Admanager Plus Version7.0 Update-
ZohocorpManageengine Admanager Plus Version7.0 Update7000
ZohocorpManageengine Admanager Plus Version7.0 Update7010
ZohocorpManageengine Admanager Plus Version7.0 Update7011
ZohocorpManageengine Admanager Plus Version7.0 Update7020
ZohocorpManageengine Admanager Plus Version7.0 Update7030
ZohocorpManageengine Admanager Plus Version7.0 Update7040
ZohocorpManageengine Admanager Plus Version7.0 Update7041
ZohocorpManageengine Admanager Plus Version7.0 Update7050
ZohocorpManageengine Admanager Plus Version7.0 Update7051
ZohocorpManageengine Admanager Plus Version7.0 Update7052
ZohocorpManageengine Admanager Plus Version7.0 Update7053
ZohocorpManageengine Admanager Plus Version7.0 Update7054
ZohocorpManageengine Admanager Plus Version7.0 Update7055
ZohocorpManageengine Admanager Plus Version7.0 Update7056
ZohocorpManageengine Admanager Plus Version7.0 Update7060
ZohocorpManageengine Admanager Plus Version7.0 Update7061
ZohocorpManageengine Admanager Plus Version7.0 Update7062
ZohocorpManageengine Admanager Plus Version7.0 Update7063
ZohocorpManageengine Admanager Plus Version7.0 Update7064
ZohocorpManageengine Admanager Plus Version7.0 Update7065
ZohocorpManageengine Admanager Plus Version7.0 Update7066
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 3.87% 0.871
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.