Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd0fc0942c-577d-436f-ae8e-945763c79b02NVD:CVE-2024-27314
HistoryMay 27, 2024 - 7:15 a.m.

CVE-2024-27314

2024-05-2707:15:09
CWE-79
0fc0942c-577d-436f-ae8e-945763c79b02
web.nvd.nist.gov
1
zoho manageengine
servicedesk plus
supportcenter plus
stored xss
sdadmin role

2.4 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

3.2 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.

Related

cvelist 1
vulnrichment 1
nessus 3
cve 1
cvelist
cvelist
CVE-2024-27314 Stored XSS Vulnerability
2024-05-27 07:03:13
vulnrichment
vulnrichment
CVE-2024-27314 Stored XSS Vulnerability
2024-05-27 07:03:13
nessus
nessus
ManageEngine SupportCenter Plus < 14.7 Build 14720
2024-05-24 00:00:00
ManageEngine ServiceDesk Plus < 14.7 Build 14730
2024-05-24 00:00:00
ManageEngine ServiceDesk Plus MSP < 14.7 Build 14720
2024-05-24 00:00:00
cve
cve
CVE-2024-27314
2024-05-27 07:15:09

2.4 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

3.2 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for NVD:CVE-2024-27314
cvelist1vulnrichment1nessus3cve1