Vulnerability Details CVE-2021-38560
Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://forums.ivanti.com/s/article/Ivanti-Service-Manager-Asset-Manager-2021-1-Release-Notes?language=en_US
- https://github.com/os909/iVANTI-CVE-2021-38560
- https://forums.ivanti.com/s/article/Ivanti-Service-Manager-Asset-Manager-2021-1-Release-Notes?language=en_US
- https://github.com/os909/iVANTI-CVE-2021-38560
Products affected by CVE-2021-38560
-
cpe:2.3:a:ivanti:service_manager:2021.1