# Security Updates - CVE-2020-19554 | ManageEngine OpManager

## CVE-2020-19554

### Reflected XSS vulnerability when the API key contained an XML-based XSS payload.

| Field | Details |
|---|---|
| Severity | Medium |
| Reported | 09th July, 2020 |
| Reported by | SecurityTest@dbappsecurity.com.cn |
| Fixed | 17th July, 2020 |
| Affected Builds | Builds 125176 and below. |
| Fixed in | Builds 12.5.177 |
| Overview | A reflected XSS vulnerability when the API key contained an XML-based XSS payload. |
| Recommended Fix | → For builds 12.3.xxx - 12.5.176, please upgrade to [OpManager Version 12.5.437.](https://www.manageengine.com/network-monitoring/service-packs.html?124196) |

### Description

A reflected XSS vulnerability when the API key contained an XML-based XSS payload.

We recommend that you [upgrade to OpManager Version 12.5.437](https://www.manageengine.com/network-monitoring/service-packs.html) or contact our support team at [itom-upgrades@manageengine.com](mailto:itom-upgrades@manageengine.com) to fix this issue.

### Source and Acknowledgements

Find out more about CVE-2020-19554 from the [CVE dictionary](https://nvd.nist.gov/vuln/detail/CVE-2020-19554).

### Need Help?

For clarification or corrections please contact our [support team](https://www.manageengine.com/network-monitoring/support.html) or email us at [itom-upgrades@manageengine.com](mailto:itom-upgrades@manageengine.com).