Stored XSS Vulnerability in ManageEngine ServiceDesk Plus by Zohocorp
CVE-2024-50053

6.3MEDIUM

Key Information:

Vendor: Manageengine
Status: Servicedesk Plus; Servicedesk Plus Msp; Supportcentre Plus
Vendor: CVE Published:; 21 March 2025

What is CVE-2024-50053?

The vulnerability allows attackers to inject malicious scripts into the task feature of ManageEngine ServiceDesk Plus. This can potentially lead to unauthorized access to sensitive user information, as the injected scripts execute in the context of the user's session. Organizations using versions below 14920 of ServiceDesk Plus and below 14910 for MSP and SupportCentre Plus are urged to apply patches and updates to mitigate this serious security risk.

Affected Version(s)

ServiceDesk Plus 0 <= 14910

ServiceDesk Plus MSP 0 <= 14900

SupportCentre Plus 0 <= 14900

References

https://www.manageengine.com/products/service-desk/CVE-20...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 21, 2025
Vulnerability Reserved
Nov 7, 2024

Credit

Dinh Vu