CVE-2020-27449

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Password Manager Pro version 11001

Description The issue is related to a Cross Site Scripting (XSS) vulnerability in the Query Report feature, which allows remote attackers to execute arbitrary code and steal cookies via a crafted JavaScript payload.

Recommendations For Zoho ManageEngine Password Manager Pro version 11001, consider disabling the Query Report feature until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the Query Report feature to minimize the risk of arbitrary code execution and cookie theft. Avoid using the Query Report feature with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.