Lucene search
+L

6 matches found

Tenable Nessus
Tenable Nessus
added 2024/01/25 12:0 a.m.80 views

ManageEngine ServiceDesk Plus MSP < 14.5 Build 14504 XSS

The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 14.5 Build 14504. It is, therefore, affected by a stored cross-site scripting XSS vulnerability that allows a low-privileged technician to inject malicious JavaScript into the task's name when creating a tim...

5.4CVSS5.4AI score0.01759EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/15 12:0 a.m.45 views

ManageEngine ServiceDesk Plus MSP < 14.3 Build 14300

The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 14.3 Build 14300. It is, therefore, affected by a vulnerability as referenced in the service-desk-mspCVE-2023-34197 advisory. - Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before...

5.4CVSS5.8AI score0.03542EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/15 12:0 a.m.32 views

ManageEngine ServiceDesk Plus MSP < 13.0 Build 13002

The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 13.0 Build 13002. It is, therefore, affected by a vulnerability as referenced in the service-desk-mspCVE-2023-23073 advisory. - Cross site scripting XSS vulnerability in Zoho ManageEngine ServiceDesk Plus 14...

6.1CVSS6.1AI score0.02813EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/07 12:0 a.m.5 views

PT-2023-24732 · Zoho · Zoho Manageengine Servicedesk Plus +1

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus versions prior to 14202 Zoho ManageEngine ServiceDesk Plus MSP versions prior to 14300 Zoho ManageEngine SupportCenter Plus versions prior to 14300 Description: The issue allows unprivileged users to access...

5.4CVSS7.4AI score0.03542EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/12/02 12:0 a.m.22 views

ManageEngine ServiceDesk Plus MSP < 13.0 Build 13001 XXE

An XML external entity XXE vulnerability exists in ManageEngine ServiceDesk Plus MSP prior to 13.0 Build 13001 due to a flaw in the Analytics Plus integration. Threat actors with admin role access can retrieve local files from the server running the affected products. Note that Nessus has not...

4.9CVSS5.4AI score0.03456EPSS
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2022/11/15 12:0 a.m.30 views

ManageEngine ServiceDesk Plus MSP exportMickeyList Improper Input Validation Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine ServiceDesk Plus MSP. Authentication is required to exploit this vulnerability. The specific flaw exists within the exportMickeyList action. The issue results from the lack of proper...

8.8CVSS1.9AI score0.04545EPSS
Exploits0References1
Rows per page
Query Builder