620 matches found
CVE-2019-12539
An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189...
CVE-2019-12538
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field...
CVE-2019-12252
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges guest can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution=E-Mail=SOLFORWARD= substring...
CVE-2019-15083
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator...
CVE-2011-2755
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2011-2757
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the FILENAME parameter. NOTE: this might overlap the US-CERT VU543310 issue...
CVE-2011-2756
FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors...
PT-2025-22455 · Zohocorp · Manageengine Servicedesk Plus +1
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 Description: The issue concerns an authenticated Local File Inclusion LFI in the Admin module of the software, specifically where help card content is...
CVE-2008-1299
Cross-site scripting XSS vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained sole...
CVE-2024-50053
Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...
CVE-2024-50053
Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...
CVE-2024-50053
Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...
CVE-2024-50053 Stored XSS
Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...
CVE-2024-50053 Stored XSS
Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...
CVE-2024-50053
CVE-2024-50053 affects ManageEngine ServiceDesk Plus (and MSP/SupportCentre Plus) prior to version 14920 (and MSP/SupportCentre prior to 14910). The vulnerability is a stored XSS in the Task feature, allowing an attacker-supplied payload to be stored and executed when a user accesses the task. Th...
ManageEngine ServiceDesk Plus MSP < 14.9 Build 14910
The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 14.9 Build 14910. It is, therefore, affected by a vulnerability as referenced in the service-desk-mspCVE-2024-50053 advisory. - A stored cross-site scripting XSS vulnerability allowed authenticated technicia...
ManageEngine ServiceDesk Plus < 14.9 Build 14920
The version of ManageEngine ServiceDesk Plus installed on the remote host is prior to 14.9 Build 14920. It is, therefore, affected by a vulnerability as referenced in the service-deskCVE-2024-50053 advisory. - A stored cross-site scripting XSS vulnerability allowed authenticated technicians to...
The vulnerability in the implementation of the application programming interface for Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP, and Zoho ManageEngine SupportCenter Plus allows a attacker to perform XSS attacks.
The vulnerability of the application programming interface for Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP, and Zoho ManageEngine SupportCenter Plus is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to...
ManageEngine ServiceDesk Plus Path Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine ServiceDesk Plus Path Traversal", 'Description' = %q This module exploits an unauthenticated path traversal vulnerability found in...
CVE-2024-41150
An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800...