Schedule demo
 
 

CVE-2020-15521

Unauthenticated Reflected XSS via url '/jsp/header.jsp'


Vulnerability Details
Impact CVSS V3 rating: 7.4
Fixed 22 July 2020
Affected Builds Till version 14760
Fixed in Version 14770 and above
Overview Unauthenticated Reflected XSS via url '/jsp/header.jsp'.
Recommended Fix Upgrade Applications Manager to version 14770 or above.

Description- Security Update - CVE-2020-15521 Database

In ManageEngine Application Manager 14.7 Build 14760, An Unauthenticated Reflected XSS via url '/jsp/header.jsp' is possible.

We recommend you to upgrade Applications Manager to version 14770 or above to fix this issue.


Source and Acknowledgements

Find out more about CVE-2020-15521 from CVE Directory and NIST NVD.

Reported by:
Dien Pham at Vietnam Security Network (VSEC)

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

You're in great company