← Back

CVE-2023-49943

nvd nist
Published: Jan 18, 2024Modified: Jun 2, 2025

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet.

Affected (5)

Zohocorp
1 product
Manageengine Servicedesk Plus Msp
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Servicedesk Plus Msp
Before 14.5
Manageengine Servicedesk Plus Msp
Version 14.5 14500
Manageengine Servicedesk Plus Msp
Version 14.5 14501
Manageengine Servicedesk Plus Msp
Version 14.5 14502
Manageengine Servicedesk Plus Msp
Version 14.5 14503

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

Source: cve@mitre.org
Product
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.