CVE-2024-41150

Published: Aug 23, 2024Modified: Aug 27, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.

Affected (6)

Products: Zohocorp: Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus

Zohocorp

3 products

Manageengine Servicedesk Plus

Manageengine Servicedesk Plus Msp

Manageengine Supportcenter Plus

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Servicedesk Plus	Up to 14.7
Zohocorp Manageengine Servicedesk Plus	Version 14.8 14810
Zohocorp Manageengine Servicedesk Plus Msp	Up to 14.7
Zohocorp Manageengine Servicedesk Plus Msp	Version 14.8 14800
Zohocorp Manageengine Supportcenter Plus	Up to 14.7
Zohocorp Manageengine Supportcenter Plus	Version 14.8 14800

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

https://www.manageengine.com/products/service-desk/CVE-2024-41150.html

Source: 0fc0942c-577d-436f-ae8e-945763c79b02

Vendor Advisory

Timeline

No history available yet.