CVE-2020-19554

Name of the Vulnerable Software and Affected Versions: ManageEngine OPManager versions prior to 12.5.175

Description: A Cross Site Scripting (XSS) issue exists when the API key contains an XML-based XSS payload. This allows for potential malicious script execution.

Recommendations: For ManageEngine OPManager versions prior to 12.5.175, update to version 12.5.175 or later to resolve the issue. As a temporary workaround, consider restricting the use of API keys to minimize the risk of exploitation. Avoid using API keys that contain potentially malicious XML-based payloads until the issue is resolved.