ManageEngine ServiceDesk Plus MSP < 14.9 Build 14940 Privilege Escalation

The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 14.9 Build 14940. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-8309 advisory. - A privilege escalation vulnerability caused by the overly permissive regular expression regex...

CVE-2025-8309 User privilege escalation vulnerability

There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp. This vulnerability impacts Asset Explorer versions before 7710, ServiceDesk Plus versions before 15110,...

CVE-2025-8309 User privilege escalation vulnerability

There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp. This vulnerability impacts Asset Explorer versions before 7710, ServiceDesk Plus versions before 15110,...

ZOHO多款产品 安全漏洞

ZOHO ManageEngine ServiceDesk Plus and others are products of ZOHO, Inc. ZOHO ManageEngine ServiceDesk Plus is a suite of IT service management software based on the ITIL architecture.ZOHO ManageEngine ZOHO ManageEngine ServiceDesk Plus is a set of IT service management software based on ITIL...

CVE-2021-31160

Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data...

CVE-2024-50053

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...

CVE-2024-41150

An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800...

CVE-2024-38869

Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25...

CVE-2024-41150 Stored XSS

An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800...

CVE-2024-41150 Stored XSS

An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800...

CVE-2024-38869 Incorrect Authorization

Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25...

CVE-2024-38869 Incorrect Authorization

Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25...

CVE-2024-38869

CVE-2024-38869 (Zoho ManageEngine) is tied to an incorrect authorization weakness that enables a stored cross-site scripting (XSS) vulnerability in remote office deployment configurations. Concrete details from PT-2024-6653 indicate affected products and versions include Endpoint Central before 1...

PT-2024-5294 · Zoho · Zoho Manageengine Servicedesk Plus +1

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus versions below 14730 Zoho ManageEngine ServiceDesk Plus MSP versions below 14720 Zoho ManageEngine SupportCenter Plus versions below 14720 Description: The vulnerability exists in the Custom Actions componen...

ManageEngine ServiceDesk Plus MSP < 14.5 Build 14504 XSS

The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 14.5 Build 14504. It is, therefore, affected by a stored cross-site scripting XSS vulnerability that allows a low-privileged technician to inject malicious JavaScript into the task's name when creating a tim...

CVE-2023-49943

Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS by a low-privileged technician via a task's name in a time sheet...

CVE-2023-49943

CVE-2023-49943 affects Zoho ManageEngine ServiceDesk Plus MSP prior to version 14.5 Build 14504. The issue is a stored cross-site scripting (XSS) vulnerability exploitable by a low-privileged technician through a time-sheet task name, with the attacker needing at least some user interaction. Publ...

The vulnerability of the generateSQLReport() function in software solutions for Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP, and Zoho ManageEngine SupportCenter Plus, as well as the ManageEngine AssetExplorer software for managing IT assets, allows attackers to exploit their privileges.

The vulnerability of the generateSQLReport function in software solutions for Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP, and Zoho ManageEngine SupportCenter Plus, as well as the ManageEngine AssetExplorer software for IT asset management, is related to deficiencie...

ManageEngine ServiceDesk Plus MSP < 13.0 Build 13002

The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 13.0 Build 13002. It is, therefore, affected by a vulnerability as referenced in the service-desk-mspCVE-2023-23073 advisory. - Cross site scripting XSS vulnerability in Zoho ManageEngine ServiceDesk Plus 14...

ManageEngine ServiceDesk Plus MSP < 14.3 Build 14300

The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 14.3 Build 14300. It is, therefore, affected by a vulnerability as referenced in the service-desk-mspCVE-2023-34197 advisory. - Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before...