CVE-2024-38870
Stored XSS
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 3.5EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
17 Jul 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104, from 128151 before 128238, from 128247 before 128250 are vulnerable to Stored XSS vulnerability in reports module.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Affected products
ManageEngine · OpManager, OpManager Plus, OpManager MSP, OpManager Enterprise EditionWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →