Lucene search
MitreCVELIST:CVE-2019-15083HistoryMay 14, 2020 - 1:45 p.m.
CVE-2019-15083
2020-05-1413:45:08
mitre
www.cve.org
2
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At “Asset Home > Server > <workstation> > software” the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.
Related
zdt
zdt
ManageEngine Service Desk 10.0 - Cross-Site Scripting Vulnerability
2020-05-15 00:00:00
packetstorm
packetstorm
ManageEngine Service Desk 10.0 Cross Site Scripting
2020-05-15 00:00:00
prion
prion
Code injection
2020-05-14 14:15:00
nvd
nvd
CVE-2019-15083
2020-05-14 14:15:11
exploitdb
exploitdb
ManageEngine Service Desk 10.0 - Cross-Site Scripting
2020-05-15 00:00:00
cve
cve
CVE-2019-15083
2020-05-14 14:15:11