Zoho ManageEngine ServiceDesk Plus 9.3 Cross Site Scripting Vulnerability

Summary

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.

Credit:

The information has been provided by Vingroup
The original article can be found at: https://github.com/tuyenhva/CVE-2019-12189


Details

Zohocorp Manageengine Servicedesk Plus is prone to a cross-site scripting vulnerability.This allows remote attackers to inject arbitrary web script or HTML via vulnerable vectors.A remote attacker can use cross-site scripting(XSS) to send a hostile script to an unsuspicious user

 

Vulnerable Systems:

  • Zohocorp Manageengine Servicedesk Plus 9.3

CVE Information:
CVE-2019-12189

Disclosure Timeline:
Publish Date:05/21/2019

Categories: News