Cross-Site Scripting Vulnerabilities in ManageEngine ServiceDesk Plus by Zoho
CVE-2012-2585

Currently unrated

Key Information:

Vendor: Manageengine
Status: Servicedesk Plus
Vendor: CVE Published:; 12 August 2012

Summary

ManageEngine ServiceDesk Plus 8.1 is susceptible to multiple cross-site scripting (XSS) vulnerabilities that allow attackers to inject arbitrary web scripts or HTML. These attacks can be executed through manipulated email messages, leveraging various techniques such as inserting SCRIPT elements, utilizing crafted CSS expression properties, or exploiting the SRC attributes in IFRAME elements. This vulnerability poses significant security risks, enabling unauthorized data access and potential takeover of user sessions.

References

http://www.exploit-db.com/exploits/20356/

exploitx_refsource_EXPLOIT-DB

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 12, 2012