Stored Cross-site Scripting vulnerability in ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus
CVE-2024-41150

6.1MEDIUM

Key Information:

Vendor: Manageengine
Status: Servicedesk Plus; Servicedesk Plus Msp; Supportcenter Plus
Vendor: CVE Published:; 23 August 2024

Summary

A stored cross-site scripting vulnerability exists in the request module within Zohocorp's ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus applications. This vulnerability allows an attacker to inject malicious scripts into web pages that are viewed by other users. If exploited, this can lead to unauthorized actions being performed on behalf of the victim or extraction of sensitive data. It affects specific versions of ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus, necessitating immediate action from users to mitigate security risks.

Affected Version(s)

ServiceDesk Plus 0 <= 14810

ServiceDesk Plus MSP 0 <= 14800

SupportCenter Plus 0 <= 14800

References

https://www.manageengine.com/products/service-desk/CVE-20...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 23, 2024
Vulnerability Reserved
Jul 16, 2024