Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2020/Jan/32 | Exploit Mailing List Third Party Advisory |
https://sec-consult.com/en/vulnerability-lab/advisories/index.html | Exploit Third Party Advisory |
https://seclists.org/bugtraq/2020/Jan/34 | Exploit Mailing List Third Party Advisory |
https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2020-01-23 15:15
Updated : 2024-02-28 17:28
NVD link : CVE-2020-6843
Mitre link : CVE-2020-6843
CVE.ORG link : CVE-2020-6843
JSON object : View
Products Affected
zohocorp
- manageengine_servicedesk_plus
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')