CVE-2024-38870 LOW

CVE-2024-38870: Stored XSS

Vendor Manageengine
Product OpManager, OpManager Plus, OpManager MSP, OpManager Enterprise Edition
Weakness CWE-79 · XSS
Published July 17, 2024
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104, from 128151 before 128238, from 128247 before 128250 are vulnerable to Stored XSS vulnerability in reports module.

Key dates

02Disclosure timeline

July 17, 2024 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-48447 Lightgallery - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-069 CVE-2020-5264 Reflected XSS in security compromised page of PrestaShop CVE-2023-38045 Extension - admiror-design-studio.com - XSS in Admiror Gallery component for Joomla 5.0.0-5.2.0 CVE-2024-12699 Service Box <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2026-39666 WordPress Hello Bar Popup Builder plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability