Zoho ManageEngine ServiceDesk Plus 9.3 Cross Site Scripting Vulnerability
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
The information has been provided by Vingroup
The original article can be found at: https://github.com/tuyenhva/CVE-2019-12189
Zohocorp Manageengine Servicedesk Plus is prone to a cross-site scripting vulnerability.This allows remote attackers to inject arbitrary web script or HTML via vulnerable vectors.A remote attacker can use cross-site scripting(XSS) to send a hostile script to an unsuspicious user
- Zohocorp Manageengine Servicedesk Plus 9.3