CVE-2021-38560

MEDIUM

Ivanti Service Manager 2021.1 - XSS

Title source: llm

Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx.

Core 2

Core References

Permissions Required, Vendor Advisory x_refsource_misc

Patch, Third Party Advisory x_refsource_misc

CVSS v3 6.1

EPSS 0.0094

EPSS Percentile 76.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79

Status published

Products (1)

ivanti/service_manager 2021.1

Published Feb 01, 2022

Tracked Since Feb 18, 2026