What is CVE-2021-20080?

CVE-2021-20080 is a vulnerability in Manageengine Assetexplorer. Published 2021-04-09.

Is CVE-2021-20080 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Manageengine Assetexplorer

CVE-2021-20080

Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by…

EPSS: 0.931 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a Manageengine Assetexplorer — versions Before 6800
N/a Manageengine Servicedesk Plus — versions Before 11200

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cvemon
cyb3r-w0lf/nuclei-template-collection

References

www.tenable.com/security/research/tra-2021-11 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-20080?: CVE-2021-20080 is a vulnerability in Manageengine Assetexplorer. Published 2021-04-09.
Is CVE-2021-20080 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.