PT-2019-7895 · Zoho · Zoho Manageengine Opmanager

Published: 2019-05-23 · Updated: 2019-05-24 · CVE-2017-11560

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

ZOHO ManageEngine OpManager version 12.2

Description

An authenticated user can upload an HTML file by adding a Google Map to the application. The uploaded HTML file is rendered in various application locations, and any JavaScript it contains is interpreted. As a result, an attacker can upload an HTML file with malicious JavaScript injected into it, potentially leading to exploitation.

Recommendations

For ZOHO ManageEngine OpManager version 12.2, consider disabling the feature that allows uploading HTML files, especially those containing JavaScript, until a patch is available to prevent malicious JavaScript injection. Restrict access to the Google Map addition feature to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2017-11560

Affected Products

Zoho Manageengine Opmanager