CVE-2017-17698

MEDIUM

ManageEngine Password Manager Pro 9.0-9.4 - Reflected XSS in SearchResult.ec and BulkAccessControlView.ec

Title source: llm
STIX 2.1

Description

Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec.

References (1)

Core 1
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://www.manageengine.com/products/passwordmanagerpro/release-notes.html

Scores

CVSS v3 6.1
EPSS 0.0188
EPSS Percentile 83.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
zohocorp/manageengine_password_manager_pro 9.0 - 9.4
Published Dec 15, 2017
Tracked Since Feb 18, 2026