Lucene search

ManageEngineCVELIST:CVE-2024-41150

HistoryAug 23, 2024 - 2:08 p.m.

CVE-2024-41150 Stored XSS

2024-08-2314:08:17

CWE-79

ManageEngine

www.cve.org

zohocorp

manageengine

servicedesk plus

servicedesk plus msp

supportcenter plus

stored cross-site scripting vulnerability

cve-2024-41150.

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

EPSS

0.002

Percentile

51.9%

JSON

An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.

CNA Affected

[
  {
    "collectionURL": "https://www.manageengine.com/products/service-desk/",
    "defaultStatus": "unaffected",
    "product": "ServiceDesk Plus",
    "vendor": "ManageEngine",
    "versions": [
      {
        "lessThanOrEqual": "14810",
        "status": "affected",
        "version": "0",
        "versionType": "14810"
      }
    ]
  },
  {
    "collectionURL": "https://www.manageengine.com/products/service-desk/",
    "defaultStatus": "unaffected",
    "product": "ServiceDesk Plus MSP",
    "vendor": "ManageEngine",
    "versions": [
      {
        "lessThanOrEqual": "14800",
        "status": "affected",
        "version": "0",
        "versionType": "14810"
      }
    ]
  },
  {
    "collectionURL": "https://www.manageengine.com/products/service-desk/",
    "defaultStatus": "unaffected",
    "product": "SupportCenter Plus",
    "vendor": "ManageEngine",
    "versions": [
      {
        "lessThanOrEqual": "14800",
        "status": "affected",
        "version": "0",
        "versionType": "14810"
      }
    ]
  }
]

References

www.manageengine.com/products/service-desk/CVE-2024-41150.html