Lucene search
+L

620 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:1 a.m.7 views

CVE-2019-12539

An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189...

6.1CVSS5.5AI score0.05917EPSS
Exploits6References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:0 a.m.6 views

CVE-2019-12538

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field...

6.1CVSS5.7AI score0.06029EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:58 a.m.4 views

CVE-2019-12252

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges guest can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution=E-Mail=SOLFORWARD= substring...

6.5CVSS6.9AI score0.08359EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:20 a.m.8 views

CVE-2019-15083

Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator...

6.1CVSS6.3AI score0.06301EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:34 a.m.11 views

CVE-2011-2755

Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors...

5CVSS7.1AI score0.30878EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:34 a.m.10 views

CVE-2011-2757

Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the FILENAME parameter. NOTE: this might overlap the US-CERT VU543310 issue...

5CVSS7AI score0.39366EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:34 a.m.7 views

CVE-2011-2756

FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors...

5CVSS7AI score0.01978EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/22 12:0 a.m.2 views

PT-2025-22455 · Zohocorp · Manageengine Servicedesk Plus +1

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 Description: The issue concerns an authenticated Local File Inclusion LFI in the Admin module of the software, specifically where help card content is...

6.5CVSS6.3AI score0.01225EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/21 8:46 p.m.9 views

CVE-2008-1299

Cross-site scripting XSS vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained sole...

6.1CVSS5.5AI score0.00808EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/23 6:16 a.m.22 views

CVE-2024-50053

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...

6.3CVSS5.9AI score0.01033EPSS
Exploits0References1
OSV
OSV
added 2025/03/21 6:15 a.m.5 views

CVE-2024-50053

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...

5.4CVSS5.8AI score0.01033EPSS
Exploits0References1
NVD
NVD
added 2025/03/21 6:15 a.m.22 views

CVE-2024-50053

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...

6.3CVSS0.01033EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/21 6:1 a.m.5 views

CVE-2024-50053 Stored XSS

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...

6.3CVSS6AI score0.01033EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/21 6:1 a.m.28 views

CVE-2024-50053 Stored XSS

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...

6.3CVSS0.01033EPSS
Exploits0References1
CVE
CVE
added 2025/03/21 6:1 a.m.81 views

CVE-2024-50053

CVE-2024-50053 affects ManageEngine ServiceDesk Plus (and MSP/SupportCentre Plus) prior to version 14920 (and MSP/SupportCentre prior to 14910). The vulnerability is a stored XSS in the Task feature, allowing an attacker-supplied payload to be stored and executed when a user accesses the task. Th...

6.3CVSS6AI score0.01033EPSS
Exploits0References1Affected Software3
Tenable Nessus
Tenable Nessus
added 2025/03/13 12:0 a.m.26 views

ManageEngine ServiceDesk Plus MSP < 14.9 Build 14910

The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 14.9 Build 14910. It is, therefore, affected by a vulnerability as referenced in the service-desk-mspCVE-2024-50053 advisory. - A stored cross-site scripting XSS vulnerability allowed authenticated technicia...

6.3CVSS5.2AI score0.01033EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/12/13 12:0 a.m.13 views

ManageEngine ServiceDesk Plus < 14.9 Build 14920

The version of ManageEngine ServiceDesk Plus installed on the remote host is prior to 14.9 Build 14920. It is, therefore, affected by a vulnerability as referenced in the service-deskCVE-2024-50053 advisory. - A stored cross-site scripting XSS vulnerability allowed authenticated technicians to...

6.3CVSS5.2AI score0.01033EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/10/08 12:0 a.m.10 views

The vulnerability in the implementation of the application programming interface for Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP, and Zoho ManageEngine SupportCenter Plus allows a attacker to perform XSS attacks.

The vulnerability of the application programming interface for Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP, and Zoho ManageEngine SupportCenter Plus is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to...

8.7CVSS5.4AI score0.0101EPSS
Exploits0References3Affected Software3
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.201 views

ManageEngine ServiceDesk Plus Path Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine ServiceDesk Plus Path Traversal", 'Description' = %q This module exploits an unauthenticated path traversal vulnerability found in...

7.4AI score
Exploits0
NVD
NVD
added 2024/08/23 3:15 p.m.46 views

CVE-2024-41150

An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800...

6.3CVSS0.01202EPSS
Exploits0References1
Rows per page
Query Builder