Zoho ManageEngine ServiceDesk Plus 9.3 Cross Site Scripting Vulnerability


An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.


The information has been provided by Vingroup
The original article can be found at: https://github.com/tuyenhva/CVE-2019-12189


Zohocorp Manageengine Servicedesk Plus is prone to a cross-site scripting vulnerability.This allows remote attackers to inject arbitrary web script or HTML via vulnerable vectors.A remote attacker can use cross-site scripting(XSS) to send a hostile script to an unsuspicious user


Vulnerable Systems:

  • Zohocorp Manageengine Servicedesk Plus 9.3

CVE Information:

Disclosure Timeline:
Publish Date:05/21/2019

Categories: News