Cross-site Scripting (XSS) Vulnerabilities

This document provides information about the different cross-site scripting (XSS) vulnerabilities detected in Mobile Device Manager Plus and provides the resolution to secure the server from these vulnerabilities

 

Vulnerability Description Detected by Fix available in build Fix released on
XSS vulnerability in the product login screen Ken Pyle 92698 Nov 5, 2019
XSS vulnerability in the Geofencing page Zoho Corp. 92666 Oct 29, 2019
XSS vulnerability in the Audit Log view Zoho Corp. 92666 Oct 29, 2019
XSS vulnerability in the Upload App page Guhan Raja 92340 Aug 17, 2018

Resolution

The fixes for the above mentioned vulnerabilities were released in the build numbers mentioned above. If your MDM server is affected by the vulnerability or is running a version below the build number mentioned, upgrade your Mobile Device Manager Plus server to the appropriate build to resolve the issues.

For more updates on security fixes, follow our Vulnerability Updates forums.