An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-05-23T17:07:27
Updated: 2024-08-05T18:12:40.351Z
Reserved: 2017-07-22T00:00:00
Link: CVE-2017-11560
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-05-23T18:29:00.637
Modified: 2024-11-21T03:08:01.283
Link: CVE-2017-11560
Redhat
No data.