Products
Zoho ManageEngine ServiceDesk Plus
- before 14730
Zoho ManageEngine ServiceDesk Plus MSP
- before 14720
Zoho ManageEngine SupportCenter Plus
- before 14730
Source
0fc0942c-577d-436f-ae8e-945763c79b02
Tags
CVE-2024-27314 details
Last Modified : May 27, 2024, 7:15 a.m.
Description
Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14730 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.
CVSS Score
1 | 2.4 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
Base Score
2.4
Exploitability Score
Impact Score
Base Severity
LOW
Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
References
URL | Source |
---|---|
https://www.manageengine.com/products/service-desk/cve-2024-27314.html | 0fc0942c-577d-436f-ae8e-945763c79b02 |