CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Vulnerability Details : CVE-2018-19288

Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.
Publish Date : 2018-11-15 Last Update Date : 2018-12-10
Search Twitter   Search YouTube   Search Google

- CVSS Scores & Vulnerability Types

CVSS Score
4.3
Confidentiality Impact None (There is no impact to the confidentiality of the system.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact None (There is no impact to the availability of the system.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Cross Site Scripting
CWE ID 79

- Products Affected By CVE-2018-19288

# Product Type Vendor Product Version Update Edition Language
1 Application Zohocorp Manageengine Opmanager 11.4 Version Details Vulnerabilities
2 Application Zohocorp Manageengine Opmanager 11.5 Version Details Vulnerabilities
3 Application Zohocorp Manageengine Opmanager 12.3 123007 Version Details Vulnerabilities
4 Application Zohocorp Manageengine Opmanager 12.3 123119 Version Details Vulnerabilities
5 Application Zohocorp Manageengine Opmanager 12.3 123044 Version Details Vulnerabilities
6 Application Zohocorp Manageengine Opmanager 12.3 123093 Version Details Vulnerabilities
7 Application Zohocorp Manageengine Opmanager 12.3 123168 Version Details Vulnerabilities
8 Application Zohocorp Manageengine Opmanager 12.3 123080 Version Details Vulnerabilities
9 Application Zohocorp Manageengine Opmanager 12.3 123023 Version Details Vulnerabilities
10 Application Zohocorp Manageengine Opmanager 12.3 123208 Version Details Vulnerabilities
11 Application Zohocorp Manageengine Opmanager 12.3 123147 Version Details Vulnerabilities
12 Application Zohocorp Manageengine Opmanager 12.3 123055 Version Details Vulnerabilities
13 Application Zohocorp Manageengine Opmanager 12.3 123187 Version Details Vulnerabilities
14 Application Zohocorp Manageengine Opmanager 12.3 123002 Version Details Vulnerabilities
15 Application Zohocorp Manageengine Opmanager 12.3 123114 Version Details Vulnerabilities
16 Application Zohocorp Manageengine Opmanager 12.3 123034 Version Details Vulnerabilities
17 Application Zohocorp Manageengine Opmanager 12.3 123163 Version Details Vulnerabilities
18 Application Zohocorp Manageengine Opmanager 12.3 123070 Version Details Vulnerabilities
19 Application Zohocorp Manageengine Opmanager 12.3 123013 Version Details Vulnerabilities
20 Application Zohocorp Manageengine Opmanager 12.3 123198 Version Details Vulnerabilities
21 Application Zohocorp Manageengine Opmanager 12.3 123050 Version Details Vulnerabilities
22 Application Zohocorp Manageengine Opmanager 12.3 123109 Version Details Vulnerabilities
23 Application Zohocorp Manageengine Opmanager 12.3 123179 Version Details Vulnerabilities
24 Application Zohocorp Manageengine Opmanager 12.3 123029 Version Details Vulnerabilities
25 Application Zohocorp Manageengine Opmanager 12.3 123220 Version Details Vulnerabilities
26 Application Zohocorp Manageengine Opmanager 12.3 123158 Version Details Vulnerabilities
27 Application Zohocorp Manageengine Opmanager 12.3 123065 Version Details Vulnerabilities
28 Application Zohocorp Manageengine Opmanager 12.3 123193 Version Details Vulnerabilities
29 Application Zohocorp Manageengine Opmanager 12.3 123125 Version Details Vulnerabilities
30 Application Zohocorp Manageengine Opmanager 12.3 123008 Version Details Vulnerabilities
31 Application Zohocorp Manageengine Opmanager 12.3 123120 Version Details Vulnerabilities
32 Application Zohocorp Manageengine Opmanager 12.3 123045 Version Details Vulnerabilities
33 Application Zohocorp Manageengine Opmanager 12.3 123104 Version Details Vulnerabilities
34 Application Zohocorp Manageengine Opmanager 12.3 123169 Version Details Vulnerabilities
35 Application Zohocorp Manageengine Opmanager 12.3 123081 Version Details Vulnerabilities
36 Application Zohocorp Manageengine Opmanager 12.3 123024 Version Details Vulnerabilities
37 Application Zohocorp Manageengine Opmanager 12.3 123214 Version Details Vulnerabilities
38 Application Zohocorp Manageengine Opmanager 12.3 123148 Version Details Vulnerabilities
39 Application Zohocorp Manageengine Opmanager 12.3 123056 Version Details Vulnerabilities
40 Application Zohocorp Manageengine Opmanager 12.3 123188 Version Details Vulnerabilities
41 Application Zohocorp Manageengine Opmanager 12.3 123003 Version Details Vulnerabilities
42 Application Zohocorp Manageengine Opmanager 12.3 123115 Version Details Vulnerabilities
43 Application Zohocorp Manageengine Opmanager 12.3 123035 Version Details Vulnerabilities
44 Application Zohocorp Manageengine Opmanager 12.3 123164 Version Details Vulnerabilities
45 Application Zohocorp Manageengine Opmanager 12.3 123076 Version Details Vulnerabilities
46 Application Zohocorp Manageengine Opmanager 12.3 123014 Version Details Vulnerabilities
47 Application Zohocorp Manageengine Opmanager 12.3 123204 Version Details Vulnerabilities
48 Application Zohocorp Manageengine Opmanager 12.3 123051 Version Details Vulnerabilities
49 Application Zohocorp Manageengine Opmanager 12.3 123183 Version Details Vulnerabilities
50 Application Zohocorp Manageengine Opmanager 12.3 123159 Version Details Vulnerabilities
51 Application Zohocorp Manageengine Opmanager 12.3 123066 Version Details Vulnerabilities
52 Application Zohocorp Manageengine Opmanager 12.3 123194 Version Details Vulnerabilities
53 Application Zohocorp Manageengine Opmanager 12.3 123126 Version Details Vulnerabilities
54 Application Zohocorp Manageengine Opmanager 12.3 123110 Version Details Vulnerabilities
55 Application Zohocorp Manageengine Opmanager 12.3 123180 Version Details Vulnerabilities
56 Application Zohocorp Manageengine Opmanager 12.3 123030 Version Details Vulnerabilities
57 Application Zohocorp Manageengine Opmanager 12.3 123221 Version Details Vulnerabilities
58 Application Zohocorp Manageengine Opmanager 12.3 123009 Version Details Vulnerabilities
59 Application Zohocorp Manageengine Opmanager 12.3 123121 Version Details Vulnerabilities
60 Application Zohocorp Manageengine Opmanager 12.3 123046 Version Details Vulnerabilities
61 Application Zohocorp Manageengine Opmanager 12.3 123105 Version Details Vulnerabilities
62 Application Zohocorp Manageengine Opmanager 12.3 123175 Version Details Vulnerabilities
63 Application Zohocorp Manageengine Opmanager 12.3 123082 Version Details Vulnerabilities
64 Application Zohocorp Manageengine Opmanager 12.3 123025 Version Details Vulnerabilities
65 Application Zohocorp Manageengine Opmanager 12.3 123215 Version Details Vulnerabilities
66 Application Zohocorp Manageengine Opmanager 12.3 123149 Version Details Vulnerabilities
67 Application Zohocorp Manageengine Opmanager 12.3 123057 Version Details Vulnerabilities
68 Application Zohocorp Manageengine Opmanager 12.3 123189 Version Details Vulnerabilities
69 Application Zohocorp Manageengine Opmanager 12.3 123004 Version Details Vulnerabilities
70 Application Zohocorp Manageengine Opmanager 12.3 123116 Version Details Vulnerabilities
71 Application Zohocorp Manageengine Opmanager 12.3 123036 Version Details Vulnerabilities
72 Application Zohocorp Manageengine Opmanager 12.3 123090 Version Details Vulnerabilities
73 Application Zohocorp Manageengine Opmanager 12.3 123165 Version Details Vulnerabilities
74 Application Zohocorp Manageengine Opmanager 12.3 123077 Version Details Vulnerabilities
75 Application Zohocorp Manageengine Opmanager 12.3 123015 Version Details Vulnerabilities
76 Application Zohocorp Manageengine Opmanager 12.3 123205 Version Details Vulnerabilities
77 Application Zohocorp Manageengine Opmanager 12.3 123052 Version Details Vulnerabilities
78 Application Zohocorp Manageengine Opmanager 12.3 123184 Version Details Vulnerabilities
79 Application Zohocorp Manageengine Opmanager 12.3 123195 Version Details Vulnerabilities
80 Application Zohocorp Manageengine Opmanager 12.3 123127 Version Details Vulnerabilities
81 Application Zohocorp Manageengine Opmanager 12.3 Version Details Vulnerabilities
82 Application Zohocorp Manageengine Opmanager 12.3 123111 Version Details Vulnerabilities
83 Application Zohocorp Manageengine Opmanager 12.3 123181 Version Details Vulnerabilities
84 Application Zohocorp Manageengine Opmanager 12.3 123031 Version Details Vulnerabilities
85 Application Zohocorp Manageengine Opmanager 12.3 123160 Version Details Vulnerabilities
86 Application Zohocorp Manageengine Opmanager 12.3 123067 Version Details Vulnerabilities
87 Application Zohocorp Manageengine Opmanager 12.3 123010 Version Details Vulnerabilities
88 Application Zohocorp Manageengine Opmanager 12.3 123122 Version Details Vulnerabilities
89 Application Zohocorp Manageengine Opmanager 12.3 123047 Version Details Vulnerabilities
90 Application Zohocorp Manageengine Opmanager 12.3 123106 Version Details Vulnerabilities
91 Application Zohocorp Manageengine Opmanager 12.3 123176 Version Details Vulnerabilities
92 Application Zohocorp Manageengine Opmanager 12.3 123083 Version Details Vulnerabilities
93 Application Zohocorp Manageengine Opmanager 12.3 123026 Version Details Vulnerabilities
94 Application Zohocorp Manageengine Opmanager 12.3 123217 Version Details Vulnerabilities
95 Application Zohocorp Manageengine Opmanager 12.3 123150 Version Details Vulnerabilities
96 Application Zohocorp Manageengine Opmanager 12.3 123062 Version Details Vulnerabilities
97 Application Zohocorp Manageengine Opmanager 12.3 123190 Version Details Vulnerabilities
98 Application Zohocorp Manageengine Opmanager 12.3 123005 Version Details Vulnerabilities
99 Application Zohocorp Manageengine Opmanager 12.3 123117 Version Details Vulnerabilities
100 Application Zohocorp Manageengine Opmanager 12.3 123037 Version Details Vulnerabilities
101 Application Zohocorp Manageengine Opmanager 12.3 123091 Version Details Vulnerabilities
102 Application Zohocorp Manageengine Opmanager 12.3 123166 Version Details Vulnerabilities
103 Application Zohocorp Manageengine Opmanager 12.3 123078 Version Details Vulnerabilities
104 Application Zohocorp Manageengine Opmanager 12.3 123021 Version Details Vulnerabilities
105 Application Zohocorp Manageengine Opmanager 12.3 123206 Version Details Vulnerabilities
106 Application Zohocorp Manageengine Opmanager 12.3 123136 Version Details Vulnerabilities
107 Application Zohocorp Manageengine Opmanager 12.3 123053 Version Details Vulnerabilities
108 Application Zohocorp Manageengine Opmanager 12.3 123185 Version Details Vulnerabilities
109 Application Zohocorp Manageengine Opmanager 12.3 12300 Version Details Vulnerabilities
110 Application Zohocorp Manageengine Opmanager 12.3 123112 Version Details Vulnerabilities
111 Application Zohocorp Manageengine Opmanager 12.3 123182 Version Details Vulnerabilities
112 Application Zohocorp Manageengine Opmanager 12.3 123032 Version Details Vulnerabilities
113 Application Zohocorp Manageengine Opmanager 12.3 123161 Version Details Vulnerabilities
114 Application Zohocorp Manageengine Opmanager 12.3 123068 Version Details Vulnerabilities
115 Application Zohocorp Manageengine Opmanager 12.3 123011 Version Details Vulnerabilities
116 Application Zohocorp Manageengine Opmanager 12.3 123196 Version Details Vulnerabilities
117 Application Zohocorp Manageengine Opmanager 12.3 123123 Version Details Vulnerabilities
118 Application Zohocorp Manageengine Opmanager 12.3 123048 Version Details Vulnerabilities
119 Application Zohocorp Manageengine Opmanager 12.3 123107 Version Details Vulnerabilities
120 Application Zohocorp Manageengine Opmanager 12.3 123177 Version Details Vulnerabilities
121 Application Zohocorp Manageengine Opmanager 12.3 123084 Version Details Vulnerabilities
122 Application Zohocorp Manageengine Opmanager 12.3 123027 Version Details Vulnerabilities
123 Application Zohocorp Manageengine Opmanager 12.3 123218 Version Details Vulnerabilities
124 Application Zohocorp Manageengine Opmanager 12.3 123156 Version Details Vulnerabilities
125 Application Zohocorp Manageengine Opmanager 12.3 123063 Version Details Vulnerabilities
126 Application Zohocorp Manageengine Opmanager 12.3 123191 Version Details Vulnerabilities
127 Application Zohocorp Manageengine Opmanager 12.3 123006 Version Details Vulnerabilities
128 Application Zohocorp Manageengine Opmanager 12.3 123118 Version Details Vulnerabilities
129 Application Zohocorp Manageengine Opmanager 12.3 123043 Version Details Vulnerabilities
130 Application Zohocorp Manageengine Opmanager 12.3 123092 Version Details Vulnerabilities
131 Application Zohocorp Manageengine Opmanager 12.3 123167 Version Details Vulnerabilities
132 Application Zohocorp Manageengine Opmanager 12.3 123079 Version Details Vulnerabilities
133 Application Zohocorp Manageengine Opmanager 12.3 123022 Version Details Vulnerabilities
134 Application Zohocorp Manageengine Opmanager 12.3 123207 Version Details Vulnerabilities
135 Application Zohocorp Manageengine Opmanager 12.3 123137 Version Details Vulnerabilities
136 Application Zohocorp Manageengine Opmanager 12.3 123054 Version Details Vulnerabilities
137 Application Zohocorp Manageengine Opmanager 12.3 123186 Version Details Vulnerabilities
138 Application Zohocorp Manageengine Opmanager 12.3 123001 Version Details Vulnerabilities
139 Application Zohocorp Manageengine Opmanager 12.3 123113 Version Details Vulnerabilities
140 Application Zohocorp Manageengine Opmanager 12.3 123033 Version Details Vulnerabilities
141 Application Zohocorp Manageengine Opmanager 12.3 123162 Version Details Vulnerabilities
142 Application Zohocorp Manageengine Opmanager 12.3 123069 Version Details Vulnerabilities
143 Application Zohocorp Manageengine Opmanager 12.3 123012 Version Details Vulnerabilities
144 Application Zohocorp Manageengine Opmanager 12.3 123197 Version Details Vulnerabilities
145 Application Zohocorp Manageengine Opmanager 12.3 123049 Version Details Vulnerabilities
146 Application Zohocorp Manageengine Opmanager 12.3 123108 Version Details Vulnerabilities
147 Application Zohocorp Manageengine Opmanager 12.3 123178 Version Details Vulnerabilities
148 Application Zohocorp Manageengine Opmanager 12.3 123086 Version Details Vulnerabilities
149 Application Zohocorp Manageengine Opmanager 12.3 123028 Version Details Vulnerabilities
150 Application Zohocorp Manageengine Opmanager 12.3 123219 Version Details Vulnerabilities
151 Application Zohocorp Manageengine Opmanager 12.3 123157 Version Details Vulnerabilities
152 Application Zohocorp Manageengine Opmanager 12.3 123064 Version Details Vulnerabilities
153 Application Zohocorp Manageengine Opmanager 12.3 123192 Version Details Vulnerabilities
154 Application Zohocorp Manageengine Opmanager 12.3 123124 Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Zohocorp Manageengine Opmanager 154

- References For CVE-2018-19288

https://www.manageengine.com/network-monitoring/help/read-me.html
http://www.securityfocus.com/bid/105960
BID 105960 Zoho ManageEngine OpManager CVE-2018-19288 Cross Site Scripting Vulnerability Release Date:2018-11-13

- Metasploit Modules Related To CVE-2018-19288

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)


CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.