Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.
References
Configurations
No configuration.
History
21 Nov 2024, 09:04
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.manageengine.com/products/service-desk/cve-2024-27314.html - |
07 Jun 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 |
30 May 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users. |
28 May 2024, 12:39
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
27 May 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-27 07:15
Updated : 2024-11-21 09:04
NVD link : CVE-2024-27314
Mitre link : CVE-2024-27314
CVE.ORG link : CVE-2024-27314
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')