Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.
[
{
"product": "ManageEngine ServiceDesk Plus",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Before 11200"
}
]
},
{
"product": "ManageEngine AssetExplorer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Before 6800"
}
]
}
]