XSS vulnerability - CVE-2024-36038

Severity: Medium

CVE ID: CVE-2024-36038

Product name Affected Version(s) Fixed Version(s) Fixed On
OpManager Plus
OpManager MSP
Network Configuration Manager
NetFlow Analyzer
Firewall Analyzer
From version 128234 to 128248 128249 31-05-2024


The stored XSS vulnerabilities were identified with the configured proxy server from 128234 version.


The vulnerability allows users with insufficient privilege to be able to gain access to sensitive information.

Steps to upgrade:

  1. Kindly download the latest upgrade pack from here.
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above step.

Source and Acknowledgements

This vulnerability was reported by Muhammed Mekkawy.

Kindly contact our product support team for further details, at the below mentioned email address:


 Pricing  Get Quote
Training and Support
Connect with us:

ManageEngine is a division of Zoho Corp.