Stored Cross-site Scripting vulnerability in ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus
CVE-2024-41150
6.1MEDIUM
Key Information
- Vendor
- Manageengine
- Status
- Servicedesk Plus
- Servicedesk Plus Msp
- Supportcenter Plus
- Vendor
- CVE Published:
- 23 August 2024
Summary
An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.
Affected Version(s)
ServiceDesk Plus <= 14810
ServiceDesk Plus MSP <= 14800
SupportCenter Plus <= 14800
Refferences
EPSS Score
1% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database