CVE-2024-50053 | THREATINT

Description

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.

PUBLISHED Reserved 2024-11-07 | Published 2025-03-21 | Updated 2025-05-05 | Assigner Zohocorp

MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Credits

vuhd and brocked200 from Viettel Cyber Security reporter

References

www.manageengine.com/...cts/service-desk/CVE-2024-50053.html

cve.org (CVE-2024-50053)

nvd.nist.gov (CVE-2024-50053)

Download JSON

help @ threatint.eu