CVE-2024-50053

Published: Mar 21, 2025Modified: Mar 27, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.

Affected (7)

Products: Zohocorp: Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcentre Plus

Zohocorp

3 products

Manageengine Servicedesk Plus

Manageengine Servicedesk Plus Msp

Manageengine Supportcentre Plus

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Servicedesk Plus	Before 14.9
Zohocorp Manageengine Servicedesk Plus	Version 14.9
Zohocorp Manageengine Servicedesk Plus	Version 14.9 14910
Zohocorp Manageengine Servicedesk Plus Msp	Before 14.9
Zohocorp Manageengine Servicedesk Plus Msp	Version 14.9 14900
Zohocorp Manageengine Supportcentre Plus	Before 14.9
Zohocorp Manageengine Supportcentre Plus	Version 14.9 14900

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

https://www.manageengine.com/products/service-desk/CVE-2024-50053.html

Source: 0fc0942c-577d-436f-ae8e-945763c79b02

Vendor Advisory

Timeline

No history available yet.