Servicedesk Plus Security Vulnerabilities and Issues — Servicedesk Plus CVE List

Lucene search

ManageengineServicedesk Plus

2 matches found

CVE•added 2011/09/20 10:55 a.m.•40 views

CVE-2011-1509

The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

5CVSS6.1AI score0.00192EPSS

CVE•added 2011/09/20 10:55 a.m.•39 views

CVE-2011-1510

Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.

4.3CVSS5.7AI score0.00329EPSS