CNNVD-202512-1586 Information
Dec 09, 2025
cve
CNNVD ID
CNNVD-202512-1586
Related CVE
- CNNVD Published: 2025-12-09
Description (Chinese)
Ivanti Endpoint Manager(EPM)是美国Ivanti公司的一套端点安全管理器。 Ivanti Endpoint Manager(EPM) 2024 SU4 SR1之前版本存在跨站脚本漏洞,该漏洞源于存储型跨站脚本,可能导致远程未经验证攻击者在管理员会话环境中执行任意JavaScript。
Description (English)
Ivanti Endpoint Manager (EPM) is an end-point security manager for Ivanti USA. The previous version of Ivanti Endpoint Manager (EPM) 2024 SU4 SR1 had a cross-site script loophole, which originated in a storage-type cross-site script and could result in the remote unverified attacker performing any kind of JavaScript in the administrator’s session environment.
Hazard Level
Low
Vulnerability Type
跨站脚本
Affected Vendor
Ivanti
Published
2025-12-09
Last Modified
2026-02-24
References
https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024
Patch
https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024
Share on: