Lucene search
Vingroup1337DAY-ID-32770HistoryMay 23, 2019 - 12:00 a.m.
Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting Vulnerability
2019-05-2300:00:00
Vingroup
0day.today
52
EPSS
0.003
Percentile
70.9%
Exploit for php platform in category web applications
# Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting
# Exploit Author: Enter of VinCSS (Vingroup)
# Vendor Homepage: https://www.manageengine.com/products/service-desk
# Version: Zoho ManageEngine ServiceDesk Plus 9.3
# CVE : CVE-2019-12189
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
The vulnerability stems from the confusion of both single quotes and semicolon in the query string of the URL.
payload: ';alert('XSS');' Attack vector: http:///site.com/SearchN.do
# 0day.today [2019-05-24] #Related
cve
cve
CVE-2019-12189
2019-05-21 18:29:00
CVE-2019-12539
2019-07-11 14:15:11
exploitdb
exploitdb
Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting
2019-05-22 00:00:00
packetstorm
packetstorm
Zoho ManageEngine ServiceDesk Plus 9.3 Cross Site Scripting
2019-05-22 00:00:00
exploitpack
exploitpack
Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting
2019-05-22 00:00:00
prion
prion
Design/Logic Flaw
2019-05-21 18:29:00
Code injection
2019-07-11 14:15:00
cvelist
cvelist
CVE-2019-12189
2019-05-21 17:30:14
CVE-2019-12539
2019-07-11 13:16:35
nvd
nvd
CVE-2019-12189
2019-05-21 18:29:00
CVE-2019-12539
2019-07-11 14:15:11