fkie_cve-2021-43294
Vulnerability from fkie_nvd
Published
2021-11-30 19:15
Modified
2024-11-21 06:29
Severity ?
Summary
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3AE43EA7-9AA1-4EA7-8840-22BD543A093C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*",
"matchCriteriaId": "846EA6AB-9588-4D9F-AEBD-83B018BE7362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*",
"matchCriteriaId": "BDD540F2-C964-40DE-91AB-DE726AAA82A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*",
"matchCriteriaId": "AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*",
"matchCriteriaId": "685783DB-DD06-4D9C-9E83-63449D5B60D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*",
"matchCriteriaId": "C371F2CD-A1F8-4EC7-8096-D61DEA337D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*",
"matchCriteriaId": "B980A72F-53E2-4FC1-AA25-743AE8650641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*",
"matchCriteriaId": "68289AE6-F348-401A-BE49-08889492B23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*",
"matchCriteriaId": "A0667DC3-8315-4F2B-BAB7-D1F1CA476D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*",
"matchCriteriaId": "34C768E0-FF5B-413D-87B2-9D09F28F95DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*",
"matchCriteriaId": "5570C5A9-A79B-48CF-B95D-3513F7B9BAF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*",
"matchCriteriaId": "B77031F5-E097-4549-BF5E-1D0718AB52B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*",
"matchCriteriaId": "5A9C0879-8AE5-4E6E-998C-E79FC418C68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*",
"matchCriteriaId": "3F1F21D7-08E8-4637-903B-4277399C0BD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11014:*:*:*:*:*:*",
"matchCriteriaId": "97920D1C-62BA-4B10-9912-C2ED1C1B0313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11015:*:*:*:*:*:*",
"matchCriteriaId": "023C6278-1FF9-4E79-8D95-32BE71701D37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module."
},
{
"lang": "es",
"value": "Zoho ManageEngine SupportCenter Plus versiones anteriores a 11016, es vulnerable a un ataque de tipo XSS Reflejado en el m\u00f3dulo Products"
}
],
"id": "CVE-2021-43294",
"lastModified": "2024-11-21T06:29:01.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-30T19:15:09.870",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com/products/support-center/readme.html#11016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com/products/support-center/readme.html#11016"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.