CVE-2020-27449
MEDIUMZoho ManageEngine Password Manager Pro <11001 - XSS
Title source: llmDescription
Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.
References (2)
Core 2
Core References
Permissions Required, Vendor Advisory
https://bugbounty.zoho.com/bb/#/bug/101000003619211
Product, Release Notes
https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11002
Scores
CVSS v3
6.1
EPSS
0.0138
EPSS Percentile
80.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
zohocorp/manageengine_password_manager_pro
11.1 build_11101
Published
Aug 11, 2023
Tracked Since
Feb 18, 2026