Medium severity5.4NVD Advisory· Published Apr 2, 2018· Updated Jun 17, 2026
CVE-2018-9163
CVE-2018-9163
Description
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <5.3
Patches
Vulnerability mechanics
References
4- gurelahmet.com/cve-2018-9163-zoho-manageengine-recovery-manager-plus-5-3-build-5330-stored-cross-site-scripting-xss-vulnerability/nvdExploitThird Party Advisory
- www.securityfocus.com/bid/103773nvdThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/44666/nvdThird Party AdvisoryVDB Entry
- www.manageengine.com/ad-recovery-manager/release-notes.htmlnvdRelease Notes
News mentions
0No linked articles in our index yet.