XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus
CVE-2021-46065
4.8MEDIUM
What is CVE-2021-46065?
A Cross-site scripting (XSS) vulnerability exists in the Secondary Email Field of Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306. This flaw allows attackers to inject arbitrary JavaScript code, potentially compromising user sessions or redirecting users to malicious sites. Proper user input validation and sanitization measures are critical to mitigate this risk.
References
EPSS Score
22% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved