CVE-2021-38560

CVE-2021-38560

EPSS 2.9%

Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://forums.ivanti.com/s/article/Ivanti-Service-Manager-Asset-Manager-2021-1-Release-Notes?language=en_US https://github.com/os909/iVANTI-CVE-2021-38560